Beruflich Dokumente
Kultur Dokumente
org
PAGE 1
TABLE OF CONTENTS
IT Standard for Business.............................................................................................................................. 4
Preface .......................................................................................................................................................... 5
IT Standard for Business ................................................................................................................................ 9
Enterprise Development ........................................................................................................................... 12
Overview ..................................................................................................................................................... 13
Business Relationship Management ............................................................................................................. 18
Governance, Objectives and Communication ............................................................................................... 20
Ecosystem Management .............................................................................................................................. 24
Concept Development ................................................................................................................................. 25
Project Portfolio Management ..................................................................................................................... 26
Business Process Development.................................................................................................................... 29
Service Portfolio Management ..................................................................................................................... 32
Enterprise Information Management ........................................................................................................... 33
Focus Areas ................................................................................................................................................. 36
Strategy and Governance.......................................................................................................................... 40
Overview ..................................................................................................................................................... 41
Business Relationship Management ............................................................................................................. 44
Governance, Objectives and Communication ............................................................................................... 45
Strategy and Operating Model ..................................................................................................................... 46
Organization and Competence Development ............................................................................................... 48
Enterprise Architecture ................................................................................................................................ 50
Security, Risk Management and Quality Assurance ....................................................................................... 53
Financial Planning and Control .................................................................................................................... 54
Focus Areas ................................................................................................................................................. 55
Sourcing and Supplier Management ....................................................................................................... 58
Overview ..................................................................................................................................................... 59
Ecosystem Management .............................................................................................................................. 65
Concept Development ................................................................................................................................. 66
Sourcing and Supplier Strategy.................................................................................................................... 67
Category and Technology Management ....................................................................................................... 69
Tendering and Sourcing Process .................................................................................................................. 70
Supplier Relationship Management ............................................................................................................. 72
Performance Management........................................................................................................................... 74
Focus Areas ................................................................................................................................................. 75
Project and Development Management.................................................................................................. 78
Overview ..................................................................................................................................................... 79
Project Portfolio Management ..................................................................................................................... 87
Business Process Development.................................................................................................................... 88
Pre-Study and Business Case ....................................................................................................................... 89
Planning and Commitment .......................................................................................................................... 90
Design, Development and Validation............................................................................................................ 92
Deployment and Training ............................................................................................................................ 94
Business Benefits Realization....................................................................................................................... 96
www.itforbusiness.org
PAGE 2
www.itforbusiness.org
PAGE 3
www.itforbusiness.org
PAGE 4
1.1 Preface
One often hears from business people that IT is very complex and hard to understand for anyone
outside the IT world, and thus difficult to manage. IT Standard for Business (or IT Standard in short)
has been developed to support decision makers both in business and IT to have a holistic picture of
how IT should be managed in order to provide maximum value for business. Since the business needs
should be the main driver in IT management, the emphasis in the IT Standard is on the cooperation
between business and IT.
IT Standard for Business differs from many other IT standards and frameworks because it is simple
and written in everyday language. This makes it useful for everyone who wants to understand how
IT functions should be governed in an organization. The basic framework illustration, called the grid,
gives an overview of the five principle elements of IT management which are the following:
Enterprise Development turns business development initiatives into operational actions in IT.
Strategy and Governance defines how IT operates and creates value for the business.
Sourcing and Supplier Management ensures that the company has the services that best fit its
business purposes.
Project and Development Management is essential for organizations to improve and create new
solutions to succeed in competitive environments.
Service Management offers business-aligned services that ensure efficient and uninterrupted
business operations.
The IT Standard collects the know-how of hundreds of individuals who possess extensive experience
in the IT field. It has been developed with a community of IT professionals and business executives
whose collaboration benefits the entire information society. It is an open source framework, available
for everyone at www.itforbusiness.org and can be freely used to improve the companys IT. Training
partners collaborating with the ICT Standard community can also offer certification courses on IT
Standard for Business (Certified IT Standard Professional) and on IT Management (Certified IT
Management Professional). For more information on further education and certification exams,
please visit the community developing the IT Standard, ICT Standard Forum at www.ictstandard.org.
The first edition of IT Standard was published in 2009 under the title of ICT Standard for Management.
The development was done by an IT management advisory company called Sofigate. Since
publication, the IT Standard raised a lot of interest and was taken into use in numerous Nordic
companies. ICT Standard Forum was then established to develop the framework further and to ensure
www.itforbusiness.org
PAGE 5
global visibility. Many renowned IT leaders took part in the development of the second version, which
was published in 2012.
This third version is an e-Edition format published in 2015, which includes the results of the extensive
development programs carried out with globally operating companies, such as, Fortum, KONE, Neste,
Pyry, Saab, Sanoma, and VR Group. In addition to the new models and best practices such as the
new IT Operating model, business-focused Project Model and the five elements of Service
Management, this version places special focus on the requirements of digitalization.
Digitalization underlines the importance of professional IT management as it impacts each and every
area of any business today. IT Standard for Business is one of the first widely used management
frameworks that has been thoroughly renewed to fully support digitalization to its full extent. Even if
the actual word digitalization is not found in the name any of the functions of the IT Standard grid,
digitalization runs through the whole IT Standard and impacts every single function.
We hope that IT Standard for Business helps organizations to better manage and develop their IT
functions. In closing, we welcome all feedback, development ideas, and experiences on using the IT
Standard. All new members are welcome to join the community at www.ictstandard.org.
Juha Huovinen
Chairman of the Board
ICT Standard Forum
Katri Riikonen
Head of CIO Innovation Center
Sofigate
www.itforbusiness.org
PAGE 6
Acknowledgments
The IT Standard for Business 2015 has been developed in cooperation with the Business and IT
executives. The members of the IT Standard development community include:
Editorial Team
Sofigate: Juha Huovinen (Editor in Chief), Katri Riikonen (Managing Editor), Jari Andersson, Ari
Nuutinen, Elena Van Leemput, Jarmo Jtyri, Lotta Deau, Erja Klemola, Jari Raappana, Jori Kanerva,
Menno Huijben,Mikko Talsi, Tuomo Malinen
Special thanks to the following individuals for development and editorial support:
Caruna: Heikki Linnanen (CIO)
City of Helsinki: Ilkka Kautto
City of Vantaa: Antti Yl-Jarkko (CIO), Hannu-Pekka Polttila
Destia: Jaana Saarela (CIO)
DNA: Janne Aalto (CIO), Tiina Moberg
Fingrid: Kari Suominen (CIO), Marko Haikarainen
Fortum: Pekka Eira (CIO), Eero Kukkola, Jukka Rautakallio, Matti Nurmi
HKScan: Tero Lindholm (CIO), Christer Widegren
KONE: Kati Hagros (CDO), Antti Koskelin (CIO), Galith Nabornik, Milla Saaristenper
Konecranes: Juha Pankakoski (CDO), Samuli Pahkala
Lhitapiola: Mikko Vastela (CIO), Jari Koivumki
Neste: Tommi Tuovila (CIO), Esa Nyknen, Marko Mki-Ullakko
Pyry: Vesa Erolainen (CIO), Andy Checkley
Sanoma: Mikael Nurmi (CTO), Antti Kervinen, Turkka Ihalainen
Sofigate: Sami Karkkila (CEO), Antti Glad, Aki Karhu, Ari Nuutinen, Eero Korhonen, Elina Pelto, Heikki
Kylmniemi, Jaana Nurmi, Jarkko Lommi, Jarmo Pyykknen, Juha Kauhanen, Juho Pasanen,
Jukkapekka Riikkil, Jyrki Martti, Kaisa Ala-Jski, Kare Piekkola, Kari Vrnen, Kimmo Koivisto,
Lauri Kivist, Liisa Korkiakoski, Miikka Salmi, Pasi Lahtonen, Pauli Lnnroth, Pavel Haimi, Peter
Westerholm, Petri Havukainen, Pirjo Myyry, Sanna Suomela, Seppo Kainomaa, Tommi Selinheimo,
Tuomo Koskenvaara, Valtteri Rantala
Technopolis: Tommy Kankkonen (CIO)
www.itforbusiness.org
PAGE 7
UPM: Turkka Keskinen (CIO), Jari Ilmonen, Mikko Wecksten, Timo Kaulio,
Veikkaus: Reni Waegelin (CIO), Timo Paajanen
VR (Finnish Railways): Jukka-Pekka Suonikko (CIO)
www.itforbusiness.org
PAGE 8
Figure 1.2 IT Standard for Business gives guidelines for IT Management decision making.
www.itforbusiness.org
PAGE 9
IT Standard aims to help IT management overcome the challenges faced by many organizations,
especially in respect to the relationship between business and IT. Those challenges can include, for
example the following:
Corporate management has difficulties to grasp the overall IT landscape and understand how
to manage IT so that it can bring more value to the company
IT is not considered a strategic function within the organization and therefore, it is not
developed with the same principles as other functions in the organization
IT professionals often unnecessarily mystify IT and IT management, and make it too complex
to be understood by non-IT professionals
Organizations often lack unified models for business and IT co-operation, decision making and
responsibility sharing
IT struggles to find a balance between fulfilling the business demands and supplying costefficient services to ensure the business continuity
IT Standard provides the solution to these challenges by introducing models, best practices and tools
for formalized, well-governed and effective IT management.
For clarity reasons, IT Standard is written primarily from the perspective of the medium and largesized companies. However, the model also fits small and very large companies because the key
management tasks remain substantially the same irrespective of the company size. At the end of each
chapter in the e-Edition, an example of the recommendations based on the company size.
IT Standard can be used both by private and public sector organizations, although some specific IT
management streams, such as Sourcing for example, may be impacted by some regulations and laws
in the public sector and therefore, further application instructions may be necessary to complement
the guidelines given by IT Standard.
www.itforbusiness.org
PAGE 10
updated.
IT Standard is available at www.itforbusiness.org without registration. The international community,
called ICT Standard Forum is found at www.ictstandard.org providing additional materials and
information such as articles, news and event information for the community members upon
registration.
www.itforbusiness.org
PAGE 11
www.itforbusiness.org
PAGE 12
2.1 Overview
Enterprise Development Definition and Objectives
Digitalization is fundamentally changing every business and industry. Existing business boundaries
are blurring as digital interconnections increase. Value creation and value destruction from
digitalization are rapidly reshaping the whole ecosystem. The success of the business is increasingly
dependent on how well IT succeeds in becoming a business enabler.
Digitalization enables organizations to interact with their customers in a profound way. Digitalization
changes how organizations relate to their customers, deliver products and services, do preventive
maintenance and add totally new functions and features to their existing offerings. With IT, it is
possible to boost the efficiency of operations, create cost savings, and build competitive advantage
through new business models, products, and services enabled by technology. All this is done together
with Business Development or the Chief Digital Officer (CDO) who is responsible for digitalizing
customer and product processes with the support of Marketing and Business Intelligence. Creating a
good customer experience and successfully utilizing the Internet of Things (IoT) requires analytics and
a holistic use of Enterprise Information data.
www.itforbusiness.org
PAGE 13
The illustration above helps clarify the responsibilities of IT and Business by showing their ownership
patterns. The CDO looks after the best interest of the customer and develops the customer experience
together with IT and Business. Business is responsible for leading the digitalization of the outer layers
that interface with customers and other important interest groups. IT, on the other hand, is
responsible for end user and business solutions that enable digitalization.
www.itforbusiness.org
PAGE 14
www.itforbusiness.org
PAGE 15
IT must enable enterprise development. This requires close and active collaboration with all
stakeholders.
www.itforbusiness.org
PAGE 16
www.itforbusiness.org
PAGE 17
A person with this role is called a Business Engagement Manager, Business IT Director, or Head of
Business IT. In their role, they are responsible for IT within their designated business unit(s) or group
function. Business Engagement Managers report to the Group CIO, who has the overall responsibility
for IT.
Responsibilities of the Business Engagement Manager:
Representing business in IT
IT Management Team member with a business focus
Responsible for coordinating business-specific development initiatives with a roadmap
Representing business in governance bodies if there is no other business representative
Digitalization sets high demands for mature IT operations, but also gives an opportunity for IT to
create more value for the business. When a Business Relationship matures into a strategic
www.itforbusiness.org
PAGE 18
www.itforbusiness.org
PAGE 19
www.itforbusiness.org
PAGE 20
www.itforbusiness.org
PAGE 21
lifecycle, including Business Benefits Realization. It reviews the business alignment of the portfolio,
decides the prioritization of initiatives, and resolves conflicts of interest in resource allocation. It
follows up on the status of projects and approves or rejects project continuation at portfolio gate
reviews. The Project Portfolio Steering Group is supported by a DMO/PMO that maintains an up-todate project portfolio dashboard with visibility on the scope, schedule and cost status of each project.
The Chairperson of Service Portfolio Steering should be the COO or another executive-level business
representative.
www.itforbusiness.org
PAGE 22
The Project Steering Group is responsible for the follow-up and guidance of a single project. It is
authorized to make project-related decisions according to the criteria defined in the Business Case
(including, for example, scope, schedule and budget).
Vendor Steering Groups represent the strategic level of vendor management and should be focused
on the development of services to better fit business objectives and needs.
www.itforbusiness.org
PAGE 23
www.itforbusiness.org
PAGE 24
In most cases, the key to Concept Development is the digitalization of processes and services.
Business and IT need to have a joint master plan covering gap analysis, strategic initiatives and
allocated resources for digitalization over the entire strategic planning timeframe of the company.
www.itforbusiness.org
PAGE 25
Typically, the project portfolio is managed by the PMO/DMO that is responsible for keeping the project
portfolio up-to-date, managing project dependencies, and evaluating new project proposals. The
development initiatives in the project portfolio should be evaluated and classified using common
criteria and prioritization. The PMO/DMO supports the Project or Development Portfolio Steering
Group in deciding which projects are started, stopped or postponed and where the focus in the
project portfolio lies.
An essential part of managing the project portfolio and Enterprise Development is assessing how
appropriate the project portfolio is and making decisions on it regularly. Every project in the portfolio
has to have a valid business justification, and all project dependencies must be identified. The
projects in the portfolio often have different Project Managers, so it is very important to identify all
project dependencies and communicate changes clearly.
www.itforbusiness.org
PAGE 26
1. Maintaining the Current State. If there is no real process or system development, the current
state is maintained. Small changes might take place in both processes and systems.
2. Replacing Existing Technology. Changing a version of an application due to technical reasons
is an example. Investing in hardware systems also belongs to this same category, unless it
involves process changes.
3. Process Development Project. Business processes can be developed independently without
system changes. However, in most cases, process changes require changes to systems as well.
Development projects that consist of both process and system changes belong to category 4.
4. Business Development Project. Implementation projects for IT systems that support the
companys core processes are Business Development Projects. For example, ERP systems and
www.itforbusiness.org
PAGE 27
Project Portfolio Management can also be organized as a corporate-level function. In this situation, IT
complies with the general company-wide principles of portfolio management.
www.itforbusiness.org
PAGE 28
www.itforbusiness.org
PAGE 29
FUNCTIONAL
MATRIX
PROCESS DRIVEN
BUSINESS
Requires a lot of
coordination and
resolving responsibility
conflicts.
Business relies on
networked decisionmaking. Processes are
transparent and fully
accountable.
PROCESS
DEVELOPMENT
Process development
within each function.
Business benefits can
be realized faster with
efficient internal
processes.
Process development
across business
functions. Focus on
developing core
processes. Customer
satisfaction and quality
drive development.
Process development
via networking.
Innovative, adaptable
operation models are
combined from own,
customers and
partners processes.
IT SYSTEMS
Off-the-shelf solutions
are in use for each
function.
INFORMATION
Common data
standards among
processes.
INTEGRA
TIONCHALLENGES
Integration of systems
and processes
throughout the
company is
complicated.
Challenging to create
data standards when
integrating systems.
Difficult to integrate
services owned by
several parties.
Figure 2.7 Operational models, information systems and the integration of systems.
www.itforbusiness.org
PAGE 30
Process development is a long-term effort and requires a strong process culture. This process culture
is supported by the companys common process development principles. It is necessary to set goals
and nominate owners for the main processes. The process owner is responsible for process evaluation
and continuous improvement.
www.itforbusiness.org
PAGE 31
Service portfolio management should be deployed so that portfolio steering, major decisions on new
services, and significant changes to existing services are carried out on the enterprise level by the
Service Portfolio Steering Group. However, it is also useful to have a fast track for small changes
that need to be done rapidly.
www.itforbusiness.org
PAGE 32
While some parts of Enterprise Information are common to all functions of the company, others are
strictly local.
www.itforbusiness.org
PAGE 33
Figure 2.9 presents the big picture of Enterprise Information. A company accumulates different types
of data through many sources, e.g. Sales & Marketing, Production and Engineering. The Core Data
consists of crucial information used in multiple company processes and information systems. It helps
in integrating businesses as part of the Core Architecture. The second layer is data in enterprise
applications such as ERP, CRM and PLM, which extend the Core Data to fulfill the needs of specific
www.itforbusiness.org
PAGE 34
business functions. The outer rim of the figure depicts data that is not likely to be part of Enterprise
Information but is crucial in excelling in business. Such data can be aggregated and analyzed to
become useful information for the company and can be used to increase revenue, cut costs, etc. This
type of data comes in larger volumes and is also referred to as Big Data.
The Internet of Things (IoT) will dramatically increase the amount of Big Data as it generates a large
amount of operational data. Therefore, digitalization increases the importance of Data Management
and adds the challenge for the company to store and analyze data in different volumes. The better
organized the companys enterprise information, the more value can be gained from data.
Enterprise Information Management is a harmonized and unified way of managing all data available
for the organization to use. The goal is to create a procedure to keep information up-to-date and
valuable for the business. Business must be able to trust its data warehouses and systems. Enterprise
Architecture should be responsible for defining the Enterprise Information, while Services are
responsible for maintaining and improving data together with business. The ownership of data should
always be with business.
www.itforbusiness.org
PAGE 35
Small Companies
Net sales 10M, operating locally
Digitalization opens new doors for each size of organization. In some cases, small companies are the
quickest to react to business changes. Smaller organizations should focus on agility and quick time-tomarket with new solutions.
Finding reliable IT service providers with a service offering that ensures business continuity is crucial
for small companies. Business continuity involves both the availability of information processed and
stored in the company, and the availability of IT services. It is challenging for small companies to
perform this role effectively on their own. This is why finding a good IT service partner corresponding
to the size of the company is recommended.
Properly ensuring business continuity involves monitoring service delivery performance and
managing risks actively (risk awareness, deciding on acceptable risk levels and risk mitigation).
Small companies should strive for formalized decision-making in all projects and investments. This is
important because even though decision-making is fairly straightforward and fast in a small company,
decisions must match business realities (relevance of investment, return on investment, resource
planning etc.).
www.itforbusiness.org
PAGE 36
Medium-Sized Companies
Net sales 100 M, decentralized operations
Generally, a medium-sized company pursues growth, which is why these companies run several
simultaneous projects involving different business areas. In order to obtain and maintain a realistic
and up-to-date overview of the companys entire IT project landscape, projects need to be divided by
Business Development and Digitalization and assigned to the agreed portfolios. Focused Project
Portfolio Management greatly increases the operational efficiency of medium-sized companies.
A medium-sized company should also monitor the fulfilment of the agreed service levels and make
detailed demands regarding these to its IT service providers, whether external or internal. In
particular, it is essential to ensure that the services and solutions are scalable as the company grows.
When a company is on a growth path, it is time to start collecting, documenting and implementing IT
management best practices. These practices form a solid foundation and baseline for the companys
subsequent process development and will considerably accelerate it. By doing so, IT also enhances its
own role as a significant profit enabler.
Large Companies
Net sales 1 000 M, operating internationally
A large enterprise provides its IT with clear objectives: IT must be one of the companys strategic
functions and fully integrated with Business as a unified Business Development function. This is
reflected in decision-making and commitment, as all development is attached to specific business
areas and is thus owned by them. IT, in turn, undertakes project and development implementation in
a responsible and measurable manner using a standardized Project Management Model.
Large companies face the challenge of managing the increasing complexity of both business and IT
operations. Consequently, within Business Development and Digitalization, the company must make
a number of important and conscious decisions that affect the companys strategy and ways of
working. These decisions include the companys general organization, harmonization of services,
standardization of terminology, and cooperation with other players in the industry.
www.itforbusiness.org
PAGE 37
Diversity can be managed only when Business Development and Digitalization are a permanent part
of the companys structure and are operated in a fully formalized, organized and measured manner.
In very large companies, the need to manage the ecosystems that offer services and solutions is
emphasized. The roles and responsibilities of the company and the ecosystems complement each
other and cooperation is efficient and innovative.
www.itforbusiness.org
PAGE 38
Figuer 2.10 The Enterprise Development focus changes with the size and complexity of the company.
Enterprise Development is the principal and most important control mechanism for a companys IT
operations. Enterprise Development integrates the other four streams and steers their objectives,
ways of working and operational targets. Smooth business cooperation ensures that the
implementation of the companys strategy and the strategic intent of business areas are supported by
IT.
www.itforbusiness.org
PAGE 39
www.itforbusiness.org
PAGE 40
3.1 Overview
Strategy and Governance Significance and Objectives
Strategy and Governance defines the guidelines for managing IT. Its significance increases in global
companies and when the company faces a business transformation or aggressively pursues growth
and development. Optimally, IT is a core function for implementing changes in a controlled manner.
Whereas Enterprise Development selects development initiatives, Strategy and Governance defines
how to execute them and IT Operations implements initiatives into solutions and services. IT
Operations include Sourcing, Development and Services.
Strategy and Governance sets several governing frames to guide the whole IT function in operations.
The IT Strategy, IT Governance and IT Operating Model are the highest-level frames.
IT Strategy defines the vision, mission and targets for the coming three to five years. It also
incorporates an execution plan between as-is and to-be states.
www.itforbusiness.org
PAGE 41
IT Governance defines how decisions are made and is therefore closely linked to Enterprise
Development.
The IT Operating Model defines how IT creates value for the business how development
initiatives are transformed into reliable solutions and services that meet business needs.
Strategy and Governance defines the organizational structure i.e. what is centralized, decentralized
or sourced. It determines the Enterprise Architecture, which sets guidelines for solutions and their
interoperability. It also provides policies and procedures for IT Security, Quality Assurance and Risk
Management. Budgeting and cost control is one of the governing frames with the most impact.
www.itforbusiness.org
PAGE 42
The Enterprise Architect defines the technology, applications and information (which together become
solutions) required to execute business architecture and processes. The Enterprise Architect, together
with business, defines the current and target state of architecture, and then steers the development of
business capabilities towards the business strategy.
The Quality Manager is responsible for the quality of IT solutions. In a digitalized world, user
experience is one of the most important measures of solution quality, so each business solution must
be easy to use, provide correct information and function properly. The Quality Manager is responsible
for this throughout IT operations.
The Information Security Manager ensures that solutions and information are available only for
intended users and user groups. The Information Security Manager defines practices and policies for
information security and oversees that these instructions are followed.
The IT Controller is responsible for IT budgeting, financial planning and monitoring in cooperation
with the companys financial and IT management. The IT Controller also takes care of internal
invoicing and pricing, ensuring IT costs are allocated accurately.
www.itforbusiness.org
PAGE 43
www.itforbusiness.org
PAGE 44
www.itforbusiness.org
PAGE 45
www.itforbusiness.org
PAGE 46
Figure 3.4 The IT Operating Model increases digitalization and reduces operating costs.
The Operating Model splits value creation into three management areas. Strategy and Sourcing are
led by the CIO Office. Development is carried out under the control of the Development Management
Office (DMO). The Service Management Office then delivers user experiences by managing the
services. In shared services and consolidated operations, the emphasis is on cost-efficiency, while in
solution development, the focus is on maintaining a fit to the business purpose.
www.itforbusiness.org
PAGE 47
There are many ways to organize the IT function, depending on the companys structure, strategy,
management style and business area. IT can be centralized, decentralized, or mixed. It may also be
appropriate to outsource large parts of IT operations.
In all alternatives, IT is organized into four functions (see Figure 3.5 The Elements of the IT
Organization). The IT Steering Group, CIO, CIO Office and Portfolio Steering form the Governance
function. The Business IT function is operated by the Business Engagement Managers and
contributes to Enterprise Development. The Development function covers project and change-based
solution development, while the Services function manages and continuously improves operational
IT. In a modern and lean IT organization, Business IT, Development and Services functions have
roughly the same number of people, as the majority of services and solutions are sourced.
www.itforbusiness.org
PAGE 48
IT Competence Development must be based on developing and reinforcing the competence that are
crucial to the implementation of the IT Strategy through the chosen Operating Model. As change
accelerates, competence virtualization becomes one of the keys to success. Competence virtualization
means scaling the organization based on the current actual need using standardized procedures, so
that fast training and on-boarding is possible, and on demand resources can be used to address
competence gaps or other shortcomings.
www.itforbusiness.org
PAGE 49
Digitalization has a major impact on Enterprise Architecture, as businesses flow over enterprise
boundaries and Business Infrastructures expand to cover customers and ecosystems as well. A
traditional monolithic architecture becomes complicated to manage and limits creativity inside
company boundaries. The IT Standard for Business presents an approach that gives more room for
planning the digitalization by integrating business to different ecosystems. The modularity of this
approach allows a more agile development of architecture for different business areas.
www.itforbusiness.org
PAGE 50
www.itforbusiness.org
PAGE 51
Enterprise Architecture must be steered with a clear governance process. Typically, governance is the
main responsibility of the CIO Office, but the organization may also have a dedicated Enterprise
Architecture Office (EAO). The general Enterprise Architecture policies and best practices, derived
from the Operating Model, are the foundation on which the entire Enterprise Architecture is built.
www.itforbusiness.org
PAGE 52
3.7 Strategy and Governance Security, Risk Management and Quality Assurance
www.itforbusiness.org
PAGE 53
www.itforbusiness.org
PAGE 54
Medium-sized Companies
Net sales category 100 M, decentralized operations
Selecting the appropriate centralization/decentralization model for IT is a key priority for Strategy and
Governance in medium-sized companies. Usually, centralized Strategy and Governance is the best
option.
www.itforbusiness.org
PAGE 55
When a company has several subsidiaries, the development of an IT strategy, governance model and
reporting grows in importance. In addition, a scalable architecture, strategic technology choices and
quality assurance have each an important role.
Large Companies
Net sales category 1 000 M, operating internationally
Diversity management together with increasing operational efficiency through harmonization and
consolidation are the focus areas in an internationally operating company. Large companies should
strive to deploy IT processes and unified information systems that support these processes.
IT needs to invest in adequate competence to support the development of business models and
processes, for example in Enterprise Resource Planning (ERP) and Customer Relationship
Management (CRM), as well as in Enterprise Architecture development.
www.itforbusiness.org
PAGE 56
Figure 3.9 Strategy and Governance focus changes with the size and complexity of the company.
IT strategy steers the implementation of the IT-related part of the companys strategy, while providing
the direction for IT management. Governance ensures that the operation and development of IT
support the achievement of targets specified in the IT strategy.
www.itforbusiness.org
PAGE 57
www.itforbusiness.org
PAGE 58
4.1 Overview
Sourcing and Supplier Management Significance and Objectives
Sourcing and Supplier Management ensures that a company has the services that best fit its business
purposes. The marketplace, however, is constantly evolving, and suppliers have to adopt technical
innovations and create new services that must be provided with higher quality and lower prices.
By actively seeking out new opportunities and following market trends, a company can ensure that
the quality and price level of the services provided by suppliers stay competitive. The other option is
to acquire services and solutions via a tendering process.
Digitalization has also set in motion new trends that affect the marketplace, such as:
consumerism, which pushes for better user experience and easiness of use for business
solutions, because the end users use the same devices (laptops, tablets and phones) and
applications for both business and consumer purposes.
virtualization, which enables sharing the same computing and data storage capacity between
a very large number of users which, in turn, leads to greater storage capacity at lower costs
provided by large data and computing centres called clouds.
In order to keep up with market trend requirements and to ensure the business purpose fit and costefficiency of services, companies often prefer to source services instead of providing them in-house.
www.itforbusiness.org
PAGE 59
Sourcing strategy is defined based on the companys business requirements. Companies may choose
to outsource their IT services partially or in full, or in rare cases, decide to run IT as an in-house
function. In all these cases, Sourcing and Supplier Management should have clear goals and a longterm perspective, and operate in a close relationship with the supplier ecosystem. Well-managed
sourcing benefits both the buyer and the supplier. A healthy balance of supply and demand leads to a
www.itforbusiness.org
PAGE 60
more sustainable and productive collaboration, in which Sourcing is the strategic coordinator.
Sourcing has two principal roles: the sourcing role refers to acquiring suppliers, solutions and services
as specified by Service Portfolio Steering. The development role refers to finding and evaluating the
emerging technology opportunities and solutions introduced by suppliers that may evolve into new
business concepts. Adequate involvement of Sourcing in supporting or development roles ensures
that no opportunities will be missed, and that serious flaws that could be challenging and costly to
correct at later phases in Project or Service Management are avoided.
On the operational level of supplier management, Sourcing interacts with Service Integration within
the Service Management function. The contribution from Service Integration to Sourcing can include,
for example, the following:
providing reports on operational performance levels to Service Managers and Sourcing
assisting suppliers in optimizing their service delivery and improving their quality
monitoring the service contract and performance management, especially in multi-sourcing
environments
When deciding on the sourcing of IT, the following points need to be considered: the companys
general sourcing principles with respect to service and quality requirements; the scope of operations;
enterprise architecture; service scalability and flexibility regarding future plans; continuity; and total
costs.
Active cost and performance control is mandatory, not only at the sourcing stage, but throughout the
life cycle of the service.
www.itforbusiness.org
PAGE 61
In practice, the role requires expertise, negotiation skills and active participation to ensure that
tendering and contracts are managed professionally and are in line with agreed principles. Even
though the role includes defining these sourcing principles, the decision-making responsibility
belongs to the Service Portfolio Steering, as defined in the companys responsibility assignment
matrix.
Sourcing and Service Management need to work together to regularly evaluate suppliers service
levels, supplier-related risks, and future service needs. Generally, either the Sourcing or Service
Manager is responsible for tactical supplier relationships, but in wide-ranging partnerships, it is often
necessary to appoint a dedicated Supplier Relationship Manager.
The Legal Counsel, together with the Sourcing Manager, ensures that contracts and sourcing
principles protect the interests of the company from a legal point of view. When necessary, Legal
Counsel also participates in negotiations. ICT jurisprudence requires special expertise and is thus typically outsourced.
www.itforbusiness.org
PAGE 62
In the IT Standard, sourcing is described as part of IT. However, the roles described above may also
appear as a part of the companys general sourcing function where IT constitutes a category within
the centralized sourcing organization.
www.itforbusiness.org
PAGE 63
Figure 4.1.2 IT services require seamless cooperation between Business, Sourcing, Project Management
and Service Management.
www.itforbusiness.org
PAGE 64
www.itforbusiness.org
PAGE 65
www.itforbusiness.org
PAGE 66
Multi-sourcing is one of the possible strategies. Multi-sourcing refers to the creation of a manageable
group of suppliers and/or internal providers that can provide all the required services, and that may
www.itforbusiness.org
PAGE 67
www.itforbusiness.org
PAGE 68
www.itforbusiness.org
PAGE 69
Sourcing helps Business consider dependencies and compliance issues and to choose the best
alternative. The purchasing decision is made by the Business Owner together with Service Portfolio
www.itforbusiness.org
PAGE 70
Steering, but Sourcing typically manages IT-related contracts with the support of Service Integration.
A successful negotiation process requires a clear negotiation strategy and pre-defined roles for the
assigned tasks. Sourcing sets negotiation targets and leads the discussion during the negotiations.
The business representatives bring in their expertise related to business needs, whereas Legal
Counsel evaluates jurisprudence, terms and conditions, and the protection of assets. If the purchase
involves relocating or re-assigning of personnel, a Human Resources representative also takes part in
the negotiations.
The result of a successful negotiation process is a contract that satisfies both parties. When the
contract is made, it should cover all aspects of the agreement, as only what appears in the contract is
included in the agreement. For example, the following should be clearly stated:
Risks, responsibilities and the governance model: One major risk in a customer-supplier
relationship is that the service will not be developed according to the business needs.
Therefore, it is important to have a governance model that emphasizes the strategic and
tactical development rather than the operative follow-ups.
Penalties: The compensation by the supplier in case of failure to meet the agreed service
levels, and the terms for contract termination need to be agreed.
Expiry: The details related to contract expiry are registered in the contract expiry plan, which
is a document that is updated throughout the entire contract period.
After reaching an agreement, Sourcing ensures that the project and service organizations are made
aware of the conditions of the contract. Sourcing is also responsible for evaluating the results of the
negotiations.
www.itforbusiness.org
PAGE 71
www.itforbusiness.org
PAGE 72
www.itforbusiness.org
PAGE 73
www.itforbusiness.org
PAGE 74
Medium-sized Companies
Net sales category 100 M, decentralized operations
Supplier management is centralized and contracts are based upon a mutual set of terms and
conditions. The Sourcing and Supplier Strategy provides guidelines for supplier selection.
A medium-sized company should consider centralizing purchases to a few carefully selected
suppliers, thus strengthening its role as a key customer. The most productive cooperation is often
established between two companies of similar size. A medium-sized company has limited possibilities
to receive the best possible service from large IT service providers. On the other hand, the suppliers
www.itforbusiness.org
PAGE 75
capacity and service offerings for small companies would no longer be adequate for a medium-sized
company. Therefore, a medium-sized company may face challenges in finding appropriately scaled
services and suitable service providers.
Large Companies
Net sales category 1 000 M, operating internationally
Centralized sourcing is the key to leveraging the volume advantages of a large company. Furthermore,
requirements specification, tendering and evaluation become all the more important as business
needs increase.
Well-functioning partnerships with strategic key suppliers should be established and maintained, so
that the suppliers are able to provide a comprehensive range of services for the entire business. Large
companies may also be able to influence the development of the ecosystems they use. Organizing
sourcing as a continuously operating function is essential.
www.itforbusiness.org
PAGE 76
Sourcing acquires the best services and solutions as specified in the IT strategy and IT development
plan. Sourcing is well acquainted with the new opportunities offered by vendors, organizes the
tendering process for purchases, negotiates terms and conditions, and supports the daily
management of projects and services. When organized professionally, Sourcing enables operational
efficiency of IT and helps IT to support business. Sourcing and Supplier Management covers the entire
life cycle of services.
www.itforbusiness.org
PAGE 77
www.itforbusiness.org
PAGE 78
5.1 Overview
Project and Development Management Significance and Objectives
Continuous and effective development is essential for every competitive organization. Saving costs in
operations and investing in development enables the organization to create new business solutions
required especially by digitalization. If an organization is able to save 20% in service costs through
Sourcing and Service Management, it can even double its investments in new solutions and services. If
these new solutions replace legacy applications and simplify architecture, the organization is able to
achieve further savings, and as a consequence, afford the investments required by digitalization.
www.itforbusiness.org
PAGE 79
www.itforbusiness.org
PAGE 80
solutions.
A project or change can also be part of a bigger business-driven initiative called a program. Programs
are derived directly from strategic initiatives and are formed in situations where the change is rolled
out to many business units as sub-projects. The program manager manages the program with the aid
of project organizations.
www.itforbusiness.org
PAGE 81
Figure 5.1.2 The Development Management Office and Different Formats of Development.
Projects are governed by their nominated steering groups, which report to Portfolio Steering at Gate
Review Meetings. A Project Steering Group consists of representatives of the business and project
organizations. The duties of the Project Steering Group, with the support of the DMO, include ensuring
that the project creates value for the Business; providing the project organization with guidelines,
decisions, and support; and ensuring that the targets of the project are met. The Project Steering
Group approves changes to the schedule, budget and scope of the project. The members must have
adequate decision-making and resourcing authority as well as sufficient subject knowledge. The
Project Steering Group must also escalate decision-making when needed.
Project roles
The Project Owner is typically the head of the business unit or a Process Owner. The Project Owner is
responsible for the projects progress and quality towards business and is usually the chairperson of
the Project Steering Group. The Project Owner is also responsible for approval and endorsement of
the project deliverables. Furthermore, the Project Owner carries the main responsibility for executing
and tracking the realization of business benefits.
www.itforbusiness.org
PAGE 82
Project Manager is responsible for daily project management and ensures that the project produces
the agreed deliverables at the appropriate level of quality. Moreover, the Project Manager has the
responsibility of ensuring that the project is implemented on schedule and within budget. The Project
Manager also handles project-related changes and escalations to the Steering Group.
www.itforbusiness.org
PAGE 83
Project Manager is a role and not a title. A role means a set of responsibilities, functions and
authorizations, which are given to a person or a group of people based on their competence. One
person or a group can have several roles. However, this role requires dedication and time, and some
organizations have a precondition that the Project Manager has to dedicate at least 80% of his or her
time to the role.
Project Manager is responsible for project management communication. The role reports the project
status to the Steering Group and acquires the needed decisions. To ensure that the project runs
smoothly, the Project Manager must have adequate authority for minor project-specific changes.
Business Lead is someone with the authority and ability to be the projects face towards business. The
Business Leads main responsibility is to consult during Project Planning and to ensure that the
designed and developed solution addresses the initial needs as specified by the respective line of
business. The Business Lead usually executes the Rollout stage together with the Training Manager.
Other key roles typically included in a project team are an end-user representative (Super User, Key
User), a technical lead, process owners as well as those responsible for testing and quality assurance.
People responsible for communication, competence development and training must also be involved.
The roles and responsibilities are defined at the latest in the Planning stage.
www.itforbusiness.org
PAGE 84
www.itforbusiness.org
PAGE 85
www.itforbusiness.org
PAGE 86
www.itforbusiness.org
PAGE 87
www.itforbusiness.org
PAGE 88
www.itforbusiness.org
PAGE 89
www.itforbusiness.org
PAGE 90
As a result of the planning process, the project cost estimate and organizational change predictions
become more accurate. The change estimates include role description changes as well as changes to
current processes and systems. The project receives appropriate follow-up metrics (KPIs) as well as
plans for communication and the management of quality and organizational change. While the
Conceptualization Gate 0 (G0), can be approved by Project Steering Group, the Planning Gate 1 (G1) is
further validated by Project Portfolio Steering. Portfolio Steering grants funding and determines
decision-making limits for the rest of the project based on all of the information available.
Recurring management tasks throughout the various phases of a project include change management
and communication, quality assurance, risk and readiness assessment, and architecture reviews.
www.itforbusiness.org
PAGE 91
www.itforbusiness.org
PAGE 92
Because projects are by nature in a continuous state of change, they have many more uncertainties
than continuous operations. The uncertainties are often followed by needs for change to which
professionally run projects apply well-defined methods. Costs resulting from project changes are
subject to the 1 10 100 rule, meaning that the cost will be multiplied, depending on whether the
change is made at the Planning (1 unit) or Development stage (10 units) or at Transition to production
(100 units). In large projects and multi-project programs the importance of managing risks,
requirements and resources increases; hence, the Business Case must be validated at each Gate.
www.itforbusiness.org
PAGE 93
www.itforbusiness.org
PAGE 94
After the Rollout, the project is closed. Project completion includes an evaluation of how well the
targets were met, approval of project deliverables, and documentation of any further development
ideas and unresolved issues. Deliverables and post-project service responsibilities and warranty
periods are recorded in the Service Handover Documentation. In addition to preparing the actual final
report, it is important to conduct a feedback survey across stakeholder groups as well as to document
the lessons learned and experiences gained during the project.
www.itforbusiness.org
PAGE 95
www.itforbusiness.org
PAGE 96
www.itforbusiness.org
PAGE 97
Medium-sized Companies
Net sales category 100 M, decentralized operations
As the size of a company and the number of stakeholders grows, so does the importance of project
business cases as well as proper prioritization and preparation.
When the operating environment expands, increasing attention must be paid to project steering,
execution and rollout. Moreover, the importance of well-established project management models
increases. In medium-sized companies, there are many projects ongoing at all times, requiring a
shared project management culture.
Large Companies
Net sales category 1 000 M, operating internationally
Large companies have numerous active projects running simultaneously, and their project culture is
well established. A Project or Development Management Office (PMO/DMO) is often set up to organize
project activities and to develop uniform project management models and practices.
Programs are prioritized and resourced with the help of a project portfolio to achieve the most
beneficial outcome for the companys business.
Due to the size and diversity of the operating environment, training and well-managed transitions to
production are of particular importance. All projects strive for maximal business value and common
operational models.
www.itforbusiness.org
PAGE 98
Typically, very large companies have a dedicated function for managing project resources.
The management of business strategy takes place with the help of a project portfolio. The project
portfolio is a tool for management. The balance and maximal value of the project portfolio as well as
its alignment with business strategy are taken into account in decision-making.
Figure 5.9 The focus of Project Management changes with the size and complexity of the company.
The aim of projects is to deliver current or new practices, systems and services for the purpose of
achieving the targets defined in the companys business strategy or IT strategy.
In the absence of business demand and steering, justification for a project ceases to exist. Projects are
managed so that they achieve the specified goals on schedule, within budget and with the required
level of quality.
www.itforbusiness.org
PAGE 99
www.itforbusiness.org
PAGE 100
6.1 Overview
Digitalization impacts on Service Management, adds speed and agility to reliability and scalability as
the key business drivers. This can sometimes result in favoring cloud-based applications that require
no IT management at all. This approach, however, does not take into account that there is a need for
integration and compliance with corporate data and security policies. The role of Service
Management is to address the business needs and be able to combine agility with reliability.
www.itforbusiness.org
PAGE 101
documented service environment, efficient operational models, strict compliance with governance
processes, as well as adequate skills and capabilities.
The services offered by IT must conform to the continuously changing requirements and needs of the
business. Service Management is responsible for the continuous improvement and development of
services, while, at the same time, it needs to constantly manage and monitor performance in order to
ensure the business purpose fit and quality of services.
Service Management consists of the following key functions:
Service Portfolio Management
Enterprise Information Management
Service Development and Design
Service Integration and Quality
Service Transition and Operations
Self-Service and Automation
www.itforbusiness.org
PAGE 102
Service Management consists of two main elements: service development and service operations (see
the picture above). Service Owners have an end-to-end responsibility for the services. They have a
good understanding of business needs and are in charge of developing and maintaining the service
development roadmap. Service Owners define the required service levels in operations and ensure
operational performance. Service Manager is a very common role name and is used to describe
various functions, but typically it refers to service ownership at lower levels. A Service Manager is
responsible for developing services and plays a key role in projects as well as product releases. The
primary objective of the Service Manager is to provide better services at a lower cost.
The quality of operations is assured by the Service Management Office (SMO), staffed by Service
Integration Managers. The SMO together with the Service Desk executes Service Integration and
Management (SIAM) over all services. The Service Desk is the front-end taking care of users, while SMO
is the back-end function taking care of suppliers and processes.
www.itforbusiness.org
PAGE 103
Business steering is organized into two functions: Service Portfolio Steering is the highest-level service
governance body responsible for approval of major development initiatives, while the Change
Advisory Board (CAB) governs changes. The Service Owners, supervised by the Head of Services, are
responsible for managing the Service Portfolio and for maintaining the service roadmaps for Service
Portfolio Steering. The Chairperson of Service Portfolio Steering should be an executive-level business
representative. The Change Advisory Board supports the Change Manager, a role within SMO, in the
assessment, prioritization and scheduling of changes. The CAB includes representatives from
business, IT and supplier organizations. Business is typically represented by Key Users.
www.itforbusiness.org
PAGE 104
www.itforbusiness.org
PAGE 105
www.itforbusiness.org
PAGE 106
www.itforbusiness.org
PAGE 107
www.itforbusiness.org
PAGE 108
Service Design is defined with the help of the Service Architecture. It is composed of four elements:
Service Catalog
Service Roadmap
Service Delivery Model
Service Structure
The Service Architecture should be as clear and simple as possible. Together with professional
sourcing of services and a business-value driven implementation of a unified Service Roadmap,
Service Architecture helps achieve an optimal service structure.
www.itforbusiness.org
PAGE 109
Service Architecture has a significant role in aligning processes and systems as well as in enabling
purposeful service development and lifecycle management. Key Service Providers should be
committed to and included in the development of the Service Architecture.
The Service Architecture (SA) is managed by Service Owners. Each Service Owner is responsible for a
Service Domain or a specific service. Typically organizations have five to ten Service Domains such as
the following:
Sales and Marketing Solutions
Production and Supply Chain Solutions
R&D and Engineering Solutions
Business Support Solutions
End User Services, i.e. Workstation and Collaboration Services
Infrastructure Services, i.e. Capacity and Connectivity Services
The Service Catalog is a definition of services provided by company IT. It makes IT services more
understandable and concrete, and is in fact the basis for developing, organizing, delivering and
improving IT management. In addition, it creates a link between business and IT by explaining which
services are available, and what components each of these services encompass. The Service catalog
helps demonstrate the service focus of IT and the produced value for business.
The Service Delivery model is defined in cooperation with Sourcing. Possible delivery models for
continuous services include near or offshoring and cloud services. The service delivery model should
decide if, and which, services are sourced, and which Service Providers are preferred. It should also
define whether services are purchased as end-to-end services, as separate service components, or by
building so-called service towers (stack of services) that utilize the most suitable supplier for each
service area. The size and operational model of a company will, to a large extent, define the best
delivery model.
The Service Roadmap is a plan for developing a service or Service Domain with information on the
scope, schedule, costs and business benefits of each of the initiatives. Each development initiative is
carried out as a project, service release or change.
The Service Structure includes definitions of the logical structure of the service, service relations and
responsibilities. Service Structure defines the highest-level elements of the Configuration
Management Database (CMDB).
www.itforbusiness.org
PAGE 110
www.itforbusiness.org
PAGE 111
Figure 6.5 The Service Management Office (SMO) manages SIAM processes with the Service Desk.
www.itforbusiness.org
PAGE 112
www.itforbusiness.org
PAGE 113
www.itforbusiness.org
PAGE 114
www.itforbusiness.org
PAGE 115
www.itforbusiness.org
PAGE 116
Medium-sized Companies
Net sales category 100 M, decentralized operations
A geographically decentralized company must implement a clearly defined Service Management
model that defines roles, responsibilities and processes across business operations. As the basic
corporate infrastructure of companies of this size is usually partly outsourced, effective service
production and planning of services is impossible without uniform operating models. The need for
systematic and well-organized vendor management, monitoring of service levels and effective
incident control increases as the operating environment becomes more complex.
www.itforbusiness.org
PAGE 117
Large Companies
Net sales category 1 000 M, operating internationally
Large companies must make a conscious decision whether to centralize or decentralize their service
operation. A successful requirement assessment and the mobilization of services together with
business operations are only possible when using productized services. The service requirement
assessment and rollout must consider the laws and practices of different countries while also taking
into account the multi-vendor environment. In addition, the importance of service ownership
increases: a single person cannot assume the responsibility for the entire service portfolio of a large
company. The implementation of the SIAM concept enables efficient operations in a multi-vendor
environment.
www.itforbusiness.org
PAGE 118
Figure 6.9 The focus of Service Management changes with the size and complexity of the company.
www.itforbusiness.org
PAGE 119
www.itforbusiness.org
PAGE 120
Maturity Analysis
IT Standard maturity analysis is a way to assess the current state of a companys IT operations and to
determine the areas that need improvement. It consists of performing assessments based on the
CMMI (Capability Maturity Model Integration) scale for each IT function within the company.
www.itforbusiness.org
PAGE 121
The maturity analysis can be done through six levels of development ranging from completely
unorganized, impulsive ad hoc processes to the highest level of well-managed and orderly, systematic
operations. It is performed as a self-assessment. Each assessed IT function gets a score according to
the maturity level it best corresponds to.
www.itforbusiness.org
PAGE 122
Score
Description
The task is
quantitatively
managed. The causes
for deviations are
clarified and the
development of taskrelated processes is
continuous and
innovative.
Each different IT function gets a score according to the maturity level scale. In the basic framework
illustration of IT Standard, also known as the grid, there are altogether 28 functions. The maturity
assessment helps to determine the current level of maturity in a certain function and to set the target
levels. Based on the results the company can better decide where to focus the development efforts.
The company will also learn a general opinion about its IT maturity and if there are gaps in
communication. In addition, it gives the awareness whether the business view and the IT views are
aligned as well as the possibility to benchmark the companys IT maturity against others in the
industry.
www.itforbusiness.org
PAGE 123
The deployment of the IT Standard should be as pragmatic as possible. Proceeding in phases, the
deployment process begins with an effort to understand what is essential and what will be the focus of
improvement. Only after this the improvement measures are identified and setup as projects.
www.itforbusiness.org
PAGE 124
ITIL
ITIL, formerly known as Information Technology Infrastructure Library, is a set of guidelines and best
practices for IT service management (ITSM). It is a registered trade mark of AXELOS Limited. ITIL
focuses on aligning IT services to the needs of business and supports its core processes. It is
structured and published in five core volumes: Service Strategy, Service Design, Service Transition,
Service Operation and Continual Service Improvement.
The framework that ITIL provides can be adapted and applied to all business and organizational
environments. It includes guidance for identifying, planning, delivering, and supporting IT services.
When successfully adopted, ITIL can help improve services, which in turn can mitigate business risks
and service disruption, improve customer relationship, and establish cost-effective systems for
managing demands for services.
CMMI
CMMI, Capability Maturity Model Integration, is an internationally known reference model
developed through best practices that provide guidance for improving processes that meet the
business goals of an organization. It was developed by industry experts, governments, and the
Software Engineering Institute (SEI).
www.itforbusiness.org
PAGE 125
CMMI improves processes for an organization to show measurable benefits for their business
objectives and vision. An organization can organize and prioritize its methodologies, people, and
business activities through the framework provided by CMMI. The framework supports coordination
of multi-disciplinary activities and systematic thinking.
COBIT
COBIT 5 (launched in 2012), The Control Objectives for Information and Related Technology, is owned
and supported by ISACA. It was originally released in 1996 as COBIT. The current version 5.0 consist of
COBIT 4.1, VAL IT 2.0, and Risk IT frameworks.
COBIT 5 helps to create optimal value using IT by maintaining a balance among benefit realization,
risk optimization, and resource usage. The framework covers both business and IT units in the whole
organisation. It provides metrics and maturity models to measure whether or not the IT organization
has achieved its objectives. In addition, it also balances the needs of internal and external
stakeholders.
PMBOK
PMBOK, a Guide to the Project Management Body of Knowledge, is a guide to the internationally
recognized project management methods by the Project Management Institute (PMI). PMBOK is a
standard that is widely accepted and acknowledged as basis for most project management methods.
PMBOK provides an in-depth description of the required content and fundamentals of a project, but
does not focus on giving hands-on implementation advice. Practical guidance is offered by other
models such as PRINCE2. It is based on five basic processes: Initiating, Planning, Executing,
Controlling and Monitoring, and Closing.
PRINCE2
PRINCE2, Projects IN a Controlled Environment, is a de facto standard project management method
owned by the UK Cabinet Office. PRINCE2 complements the PMBOK model by providing a process-
www.itforbusiness.org
PAGE 126
based and practical guidance with ready-to-use templates for Project Managers and Project Steering
Groups in the different phases of a project. PRINCE2 ensures greater control of resources and effective
management of business and project risks.
For example, the seven principles of PRINCE2 state how a project should be run throughout its lifecycle: a project must have a business justification, clearly defined roles and responsibilities in all
phases and processes, managed by stages to provide detailed and timely planning, defined tolerances
for management by exception, product focused delivery where project methods are tailored to fit this
particular projects needs, and learning from experience to continuously improve organizations
project culture.
ISO/IEC 20000
ISO/IEC 20000 is a service management system (SMS) and the first international standard for IT service
management. It is owned by The International Organization for Standardization (ISO) and the
International Electrotechnical Commission (IEC). It is broadly aligned with ITIL.
The ISO/IEC 20000 has two parts. The first part defines the formal requirements for high-quality
production of IT services to the business. IT includes criteria for planning, service management, and
service production as well as for customer / supplier management. The second part describes the
processes of service production largely in the same way as the ITIL processes while focusing, however,
more closely on customer/supplier management processes.
ISO/IEC 38500
ISO/IEC 38500 is a standard providing general principles on the role and IT governance of
management with business responsibility (for example, Board of Directors and Management Team). It
can be widely applied to all kinds and sizes of organizations for example public and private companies
and non-profit organizations.
The standard supports business management in their supervision of the IT organization and helps
them ensure that IT has a positive impact on the companys performance. The standard consist of six
principles:
www.itforbusiness.org
PAGE 127
1. Responsibility
2. Strategy
3. Acquisition
4. Performance
5. Conformance
6. Human behaviour
Adherence to the ISO/IEC 38500 standard can assure management of conformance with good
governance
TOGAF
TOGAF is an Open Group Standard enterprise architecture framework that allows organizations to
have a structured approach for governing the implementation of technology, in particular the
software technology design, development, and maintenance. It was first published in 1995 and was
based on the US Department of Defence Technical Architecture Framework for Information
Management (TAFIM). It has been since developed by The Open Group Architecture Forum and
released in regular intervals on the Open Group public website.
TOGAF improves business efficiency by ensuring consistent methods, communication, and efficient
usage of resources. It ensures industry credibility with a common language among enterprise
architecture professionals.
www.itforbusiness.org
PAGE 128
www.itforbusiness.org
PAGE 129
8.1 Summary
The IT Standard for Business is a hands-on IT management framework for companies and
organizations of all kinds. The IT Standard employs the best international industry practices, while
providing a more comprehensive and practical approach to business-oriented management. The IT
Standard is written in everyday language and benefits business executives as much as IT
professionals.
Digitalization changes how organizations relate to their customers, master products and services, do
preventive maintenance and add totally new functions and features to their existing offerings. Thus it
is a central part of operations, which in turn affects the way strategic decisions are made. In this
version of the IT Standard, digitalization is considered in every stream.
The IT Standard consists of five streams covering the operation of the entire IT organization:
Enterprise Development
Strategy and Governance
Sourcing and Supplier Management
Project and Development Management
Service Management
Enterprise Development integrates the different streams and links IT management to management of
the companys business. Each stream is introduced and contains the significance and objectives, the
required roles and competence, and the functions and purposes. For each stream, its nominal weight
in companies of different sizes is discussed.
The main points of the IT Standard can be summarized as follows:
Digitalization strategy and initiatives need a driver and control mechanism for the companys
IT operations and their development which can be found in Enterprise Development. It is
imperative to gain commitment from Business and IT for common objectives. There is also a
need for business processes and concepts, decisions on development priorities and
investments to ensure business continuity.
The IT function needs governance in order to ensure that the IT strategy, the operating model
and competence support the achievement of corporate objectives. Furthermore, IT costs need
to be well-managed and allocated appropriately, fairly and transparently.
www.itforbusiness.org
PAGE 130
New trends such as consumerism and virtualization emerge due to digitalization. Companies
need to ensure business fit and cost-efficiency of services through efficient sourcing. There is a
need to actively maintain quality and cost levels, for a strong negotiating position and market
price awareness.
Many organizations have more and more development initiatives which are scoped beyond
projects and therefore need a Development Management Office because Project Management
Office oversees mainly just projects. Development Portfolio Steering has the mandate to
approve or reject the classified and prioritized development initiatives.
The impact of digitalization to business include adding speed and agility to reliability and
scalability. Additionally, there is a need to consider integration and compliance with corporate
data and security policies. One of the most important tasks of IT is to provide services that
efficiently support the business. There is a direct link between the quality of IT services and
business efficiency, since more and more business processes are supported by IT services.
The deployment of IT Standard is executed in iterative steps. The process starts with a maturity
assessment that is performed for all functions described in the IT Standard. The assessment is used to
identify the needs for development and for fixing them one by one according to their level of urgency.
When IT is managed in accordance with the IT Standard, companies can ensure business continuity. It
is capable of informing businesses of new opportunities and innovations made possible by advanced
information technology systems. By following the IT Standard, risks and challenges brought forth by
digitalization can be mitigated. The IT Standard give basis for improved profitability and costefficiency of the company and creates the foundation for growth with the help of scalable solutions.
More importantly, the joint development of the IT Standard guarantees a company with best practices
from the various industries.
www.itforbusiness.org
PAGE 131
www.itforbusiness.org
PAGE 132
www.itforbusiness.org
Powered by TCPDF (www.tcpdf.org)
PAGE 133