It Standard For Business

www.itforbusiness.
org
PAGE 1
TABLE OF CONTENTS
IT Standard for Business.............................................................................................................................. 4
Preface .......................................................................................................................................................... 5
IT Standard for Business ................................................................................................................................ 9
Enterprise Development ........................................................................................................................... 12
Overview ..................................................................................................................................................... 13
Business Relationship Management ............................................................................................................. 18
Governance, Objectives and Communication ............................................................................................... 20
Ecosystem Management .............................................................................................................................. 24
Concept Development ................................................................................................................................. 25
Project Portfolio Management ..................................................................................................................... 26
Business Process Development.................................................................................................................... 29
Service Portfolio Management ..................................................................................................................... 32
Enterprise Information Management ........................................................................................................... 33
Focus Areas ................................................................................................................................................. 36
Strategy and Governance.......................................................................................................................... 40
Overview ..................................................................................................................................................... 41
Business Relationship Management ............................................................................................................. 44
Governance, Objectives and Communication ............................................................................................... 45
Strategy and Operating Model ..................................................................................................................... 46
Organization and Competence Development ............................................................................................... 48
Enterprise Architecture ................................................................................................................................ 50
Security, Risk Management and Quality Assurance ....................................................................................... 53
Financial Planning and Control .................................................................................................................... 54
Focus Areas ................................................................................................................................................. 55
Sourcing and Supplier Management ....................................................................................................... 58
Overview ..................................................................................................................................................... 59
Ecosystem Management .............................................................................................................................. 65
Concept Development ................................................................................................................................. 66
Sourcing and Supplier Strategy.................................................................................................................... 67
Category and Technology Management ....................................................................................................... 69
Tendering and Sourcing Process .................................................................................................................. 70
Supplier Relationship Management ............................................................................................................. 72
Performance Management........................................................................................................................... 74
Focus Areas ................................................................................................................................................. 75
Project and Development Management.................................................................................................. 78
Overview ..................................................................................................................................................... 79
Project Portfolio Management ..................................................................................................................... 87
Business Process Development.................................................................................................................... 88
Pre-Study and Business Case ....................................................................................................................... 89
Planning and Commitment .......................................................................................................................... 90
Design, Development and Validation............................................................................................................ 92
Deployment and Training ............................................................................................................................ 94
Business Benefits Realization....................................................................................................................... 96
www.itforbusiness.org
PAGE 2
Focus Areas ................................................................................................................................................. 97
Service Management................................................................................................................................ 100

Overview ................................................................................................................................................... 101
Service Portfolio Management ................................................................................................................... 106
Enterprise Information Management ......................................................................................................... 107
Service Development and Design ............................................................................................................... 108
Service Integration and Quality .................................................................................................................. 111
Service Transition and Operational Readiness............................................................................................ 113
Service Operation and Support .................................................................................................................. 114
Self Service and Automation ...................................................................................................................... 115
Focus Areas ............................................................................................................................................... 117
Tools & Standards .................................................................................................................................... 120
IT Standard Deployment ............................................................................................................................ 121
International IT Management Models and Standards.................................................................................. 125
Summary ................................................................................................................................................... 129
Summary................................................................................................................................................... 130
PAGE 3
PAGE 4
1.1 IT Standard for Business Preface
IT Standard for Business
1.1 Preface
One often hears from business people that IT is very complex and hard to understand for anyone
outside the IT world, and thus difficult to manage. IT Standard for Business (or IT Standard in short)
has been developed to support decision makers both in business and IT to have a holistic picture of
how IT should be managed in order to provide maximum value for business. Since the business needs
should be the main driver in IT management, the emphasis in the IT Standard is on the cooperation
between business and IT.
IT Standard for Business differs from many other IT standards and frameworks because it is simple
and written in everyday language. This makes it useful for everyone who wants to understand how
IT functions should be governed in an organization. The basic framework illustration, called the grid,
gives an overview of the five principle elements of IT management which are the following:
Enterprise Development turns business development initiatives into operational actions in IT.
Strategy and Governance defines how IT operates and creates value for the business.
Sourcing and Supplier Management ensures that the company has the services that best fit its
business purposes.
Project and Development Management is essential for organizations to improve and create new
solutions to succeed in competitive environments.
Service Management offers business-aligned services that ensure efficient and uninterrupted
business operations.
The IT Standard collects the know-how of hundreds of individuals who possess extensive experience
in the IT field. It has been developed with a community of IT professionals and business executives
whose collaboration benefits the entire information society. It is an open source framework, available
for everyone at www.itforbusiness.org and can be freely used to improve the companys IT. Training
partners collaborating with the ICT Standard community can also offer certification courses on IT
Standard for Business (Certified IT Standard Professional) and on IT Management (Certified IT
Management Professional). For more information on further education and certification exams,
please visit the community developing the IT Standard, ICT Standard Forum at www.ictstandard.org.
The first edition of IT Standard was published in 2009 under the title of ICT Standard for Management.
The development was done by an IT management advisory company called Sofigate. Since
publication, the IT Standard raised a lot of interest and was taken into use in numerous Nordic
companies. ICT Standard Forum was then established to develop the framework further and to ensure
PAGE 5
global visibility. Many renowned IT leaders took part in the development of the second version, which
was published in 2012.
This third version is an e-Edition format published in 2015, which includes the results of the extensive
development programs carried out with globally operating companies, such as, Fortum, KONE, Neste,
Pyry, Saab, Sanoma, and VR Group. In addition to the new models and best practices such as the
new IT Operating model, business-focused Project Model and the five elements of Service
Management, this version places special focus on the requirements of digitalization.
Digitalization underlines the importance of professional IT management as it impacts each and every
area of any business today. IT Standard for Business is one of the first widely used management
frameworks that has been thoroughly renewed to fully support digitalization to its full extent. Even if
the actual word digitalization is not found in the name any of the functions of the IT Standard grid,
digitalization runs through the whole IT Standard and impacts every single function.
We hope that IT Standard for Business helps organizations to better manage and develop their IT
functions. In closing, we welcome all feedback, development ideas, and experiences on using the IT
Standard. All new members are welcome to join the community at www.ictstandard.org.
Juha Huovinen
Chairman of the Board
ICT Standard Forum
Katri Riikonen
Head of CIO Innovation Center
Sofigate
PAGE 6
Acknowledgments
The IT Standard for Business 2015 has been developed in cooperation with the Business and IT
executives. The members of the IT Standard development community include:
Editorial Team
Sofigate: Juha Huovinen (Editor in Chief), Katri Riikonen (Managing Editor), Jari Andersson, Ari
Nuutinen, Elena Van Leemput, Jarmo Jtyri, Lotta Deau, Erja Klemola, Jari Raappana, Jori Kanerva,
Menno Huijben,Mikko Talsi, Tuomo Malinen
Special thanks to the following individuals for development and editorial support:
Caruna: Heikki Linnanen (CIO)
City of Helsinki: Ilkka Kautto
City of Vantaa: Antti Yl-Jarkko (CIO), Hannu-Pekka Polttila
Destia: Jaana Saarela (CIO)
DNA: Janne Aalto (CIO), Tiina Moberg
Fingrid: Kari Suominen (CIO), Marko Haikarainen
Fortum: Pekka Eira (CIO), Eero Kukkola, Jukka Rautakallio, Matti Nurmi
HKScan: Tero Lindholm (CIO), Christer Widegren
KONE: Kati Hagros (CDO), Antti Koskelin (CIO), Galith Nabornik, Milla Saaristenper
Konecranes: Juha Pankakoski (CDO), Samuli Pahkala
Lhitapiola: Mikko Vastela (CIO), Jari Koivumki
Neste: Tommi Tuovila (CIO), Esa Nyknen, Marko Mki-Ullakko
Pyry: Vesa Erolainen (CIO), Andy Checkley
Sanoma: Mikael Nurmi (CTO), Antti Kervinen, Turkka Ihalainen
Sofigate: Sami Karkkila (CEO), Antti Glad, Aki Karhu, Ari Nuutinen, Eero Korhonen, Elina Pelto, Heikki
Kylmniemi, Jaana Nurmi, Jarkko Lommi, Jarmo Pyykknen, Juha Kauhanen, Juho Pasanen,
Jukkapekka Riikkil, Jyrki Martti, Kaisa Ala-Jski, Kare Piekkola, Kari Vrnen, Kimmo Koivisto,
Lauri Kivist, Liisa Korkiakoski, Miikka Salmi, Pasi Lahtonen, Pauli Lnnroth, Pavel Haimi, Peter
Westerholm, Petri Havukainen, Pirjo Myyry, Sanna Suomela, Seppo Kainomaa, Tommi Selinheimo,
Tuomo Koskenvaara, Valtteri Rantala
Technopolis: Tommy Kankkonen (CIO)
PAGE 7
UPM: Turkka Keskinen (CIO), Jari Ilmonen, Mikko Wecksten, Timo Kaulio,
Veikkaus: Reni Waegelin (CIO), Timo Paajanen
VR (Finnish Railways): Jukka-Pekka Suonikko (CIO)
PAGE 8
1.2 IT Standard for Business IT Standard for Business
1.2 IT Standard for Business

Introduction
IT Standard for Business is an IT management framework that helps business and IT management to
develop IT into a business enabling function in a company. Although IT Standard is written primarily
for managers, such as CEOs, CFOs, CIOs, and other functions responsible for managing the IT
operations, it is also good reading for anybody wanting to have an overview about IT management.
IT Standard was created because there was a need for a holistic, but concise framework that can be
used both by business and IT. Today, when digitalization is accentuating the importance of IT in every
company, a simplified, straightforward and easily applicable IT management framework will help
companies to quickly adapt to the changing business environment.
The most established models such as ITIL, COBIT, PMBOK and PRINCE2 have been developed for
specific purposes and operations, such as auditing, service management, and project management.
While IT Standard recognizes the need for such models, when going deeper into the daily operations
of IT, it proposes a less detailed model, written in everyday language, to be used for IT management
and decision making.
Figure 1.2 IT Standard for Business gives guidelines for IT Management decision making.
PAGE 9
IT Standard aims to help IT management overcome the challenges faced by many organizations,
especially in respect to the relationship between business and IT. Those challenges can include, for
example the following:
Corporate management has difficulties to grasp the overall IT landscape and understand how
to manage IT so that it can bring more value to the company
IT is not considered a strategic function within the organization and therefore, it is not
developed with the same principles as other functions in the organization
IT professionals often unnecessarily mystify IT and IT management, and make it too complex
to be understood by non-IT professionals
Organizations often lack unified models for business and IT co-operation, decision making and
responsibility sharing
IT struggles to find a balance between fulfilling the business demands and supplying costefficient services to ensure the business continuity
IT Standard provides the solution to these challenges by introducing models, best practices and tools
for formalized, well-governed and effective IT management.
For clarity reasons, IT Standard is written primarily from the perspective of the medium and largesized companies. However, the model also fits small and very large companies because the key
management tasks remain substantially the same irrespective of the company size. At the end of each
chapter in the e-Edition, an example of the recommendations based on the company size.
IT Standard can be used both by private and public sector organizations, although some specific IT
management streams, such as Sourcing for example, may be impacted by some regulations and laws
in the public sector and therefore, further application instructions may be necessary to complement
the guidelines given by IT Standard.
ICT Standard Forum Community That Develops the IT Standard

ICT Standard Forum is a community of international IT and business professionals who develop the IT
Standard for Business. The development work is done collectively by the community members and
shared openly with all. Participating in the development projects and sharing the results with the
whole community ensures that the developed practices and models are continuously improved and
PAGE 10
updated.
IT Standard is available at www.itforbusiness.org without registration. The international community,
called ICT Standard Forum is found at www.ictstandard.org providing additional materials and
information such as articles, news and event information for the community members upon
registration.
PAGE 11
PAGE 12
2.1 Enterprise Development Overview
2.1 Overview
Enterprise Development Definition and Objectives
Digitalization is fundamentally changing every business and industry. Existing business boundaries
are blurring as digital interconnections increase. Value creation and value destruction from
digitalization are rapidly reshaping the whole ecosystem. The success of the business is increasingly
dependent on how well IT succeeds in becoming a business enabler.
Digitalization enables organizations to interact with their customers in a profound way. Digitalization
changes how organizations relate to their customers, deliver products and services, do preventive
maintenance and add totally new functions and features to their existing offerings. With IT, it is
possible to boost the efficiency of operations, create cost savings, and build competitive advantage
through new business models, products, and services enabled by technology. All this is done together
with Business Development or the Chief Digital Officer (CDO) who is responsible for digitalizing
customer and product processes with the support of Marketing and Business Intelligence. Creating a
good customer experience and successfully utilizing the Internet of Things (IoT) requires analytics and
a holistic use of Enterprise Information data.
PAGE 13
Figure 2.1.1 Enterprise Development responsibilities and ownership patterns.
The illustration above helps clarify the responsibilities of IT and Business by showing their ownership
patterns. The CDO looks after the best interest of the customer and develops the customer experience
together with IT and Business. Business is responsible for leading the digitalization of the outer layers
that interface with customers and other important interest groups. IT, on the other hand, is
responsible for end user and business solutions that enable digitalization.
PAGE 14
Enterprise Development is about planning objectives, prioritizing development initiatives, and

developing concepts and processes for digitalization. Enterprise Development is related to Business
Development, but is limited in scope to processes, solutions and data that enable business, while the
latter has focus outside the organizations boundaries in markets and products that create business.
Enterprise Development is the most important driver and control mechanism for the companys IT
operations and their development. The objective of Enterprise Development is to implement
company strategy and business goals by means of information and communication technology; to
make decisions on projects, investments and development initiatives; and to ensure business
continuity. In order for the cooperation between Business and IT to be functional and consistent, they
must share a working governance model, a common language and communication methods.
Key Objectives of Enterprise Development

Implement the enterprise digitalization strategy and initiatives in cooperation between
business and IT.
Maintain a governance structure to gain commitment from Business and IT for common
objectives.
Develop business processes and concepts, decide on development priorities and investments,
and ensure business continuity.
Enterprise Development Roles and Competence Requirements

Good collaboration between business and IT is the essence of effective Enterprise Development.
Business executives have a key role in deciding on development initiatives. In accordance with their
corporate governance roles, they are also key decision makers in Portfolio Management. For this
reason, Project and Service Portfolio Management serve as the ultimate bodies for control and
decision-making in Enterprise Development and IT operations.
Business Engagement Managers (BEM), one for each major business or function, are responsible for
business-IT alignment from strategy to tactical management and for following up on operational
actions. However, the collaboration has many more levels than a single contact person. A modern IT
organization faces business in many ways and needs to carefully build a trusted partner status among
various stakeholders (Figure 2.1.2 How IT is seen by different stakeholders)
PAGE 15
Figure 2.1.2 How IT is seen by different stakeholders.
IT must enable enterprise development. This requires close and active collaboration with all
stakeholders.
Key Partners in Business Development and Digitalization

1. IT Steering Group
2. Project Portfolio Steering Group
3. Service Portfolio Steering Group
4. Chief Information Officer
5. Chief Digital Officer
6. Business Engagement Manager
Enterprise Development connects the other four streams of the IT Standard with a focus on how IT
creates value for the business, and how business can benefit from IT.
All IT-related decision-making that has an impact on business must go through the governance bodies
of Enterprise Development. The interface between Enterprise Development and the other streams of
the IT Standard consist of the following functions:
PAGE 16
Business Relationship Management

Governance, Objectives and Communication
Concept Development
Ecosystem Management
Project Portfolio Management
Process Development
Service Portfolio Management
Enterprise Information Management
PAGE 17
2.2 Enterprise Development Business Relationship Management
2.2 Business Relationship Management

Group IT is organized as a matrix that spans the companys business units and seeks synergies across
all functions. To maintain the specific focus of each business function, IT utilizes Business
Relationship Management.
The role of Business Relationship Management is twofold:
1. maintaining overall responsibility of IT to a specific business unit, and,
2. promoting IT, its services and development initiatives for the business.
A person with this role is called a Business Engagement Manager, Business IT Director, or Head of
Business IT. In their role, they are responsible for IT within their designated business unit(s) or group
function. Business Engagement Managers report to the Group CIO, who has the overall responsibility
for IT.
Responsibilities of the Business Engagement Manager:
Representing business in IT
IT Management Team member with a business focus
Responsible for coordinating business-specific development initiatives with a roadmap
Representing business in governance bodies if there is no other business representative
Representing IT for business

Having an end-to-end responsibility for IT within a business
IT representative in business management whenever decision topics relate to IT
Execution of group IT strategy, initiatives and objectives within a business
Digitalization sets high demands for mature IT operations, but also gives an opportunity for IT to
create more value for the business. When a Business Relationship matures into a strategic
PAGE 18
2.2 Enterprise Development Business Relationship Management
partnership, the characteristics of the cooperation are

Alignment of practices and procedures; IT and business meet at regular intervals
Integration is seamless throughout the organization
Key Performance Indicators (KPIs) are set to measure the operational level of Business
Processes rather than IT operations
Innovation and collaboration are promoted together
PAGE 19
2.3 Enterprise Development Governance, Objectives and Communication
2.3 Governance, Objectives and Communication

Enterprise Development occurs on all levels of an organization, but control and decision-making falls
upon the companys Enterprise Development steering group, called the IT Steering Group in short.
The IT Steering Group must be a permanent function alongside the Project Portfolio Steering Group
and the Service Portfolio Steering Group. The third steering body reporting to the IT Steering Group is
the Change Advisory Board (CAB), which takes care of change management related to existing
services. In addition, there should be project and program-specific steering groups.
All major business operations must be represented in the IT Steering Group. The executive board
member responsible for IT acts as the chairperson of the IT Steering Group. The agenda is prepared by
the CIO. The IT Steering Group sets targets and objectives for IT and leads the communication
between business and IT.
The IT Steering Group is responsible for all initiatives pertaining to Enterprise Development. It also
prepares and introduces proposals to the decision-making bodies specified in the companys
corporate governance model. In practical matters, however, the IT Steering Group is the sole decisionmaking authority.
Large and very large companies typically have steering groups that facilitate and support the running
of IT operations. The chairperson of the Sourcing Steering Group is the Sourcing Director (or, in
his/her absence, the CFO), and the agenda is set by the director responsible for IT sourcing. The
companys Head of Development acts as the chairperson of the Project Portfolio Steering Group, and
the agenda is introduced by the Head of Development Management Office (DMO) or Project
Management Office (PMO). The chairperson of the Service Portfolio Steering Group is the COO, and
the agenda is set by the Head of Services. The CIO supervises the IT Management Team, which is
responsible for decision-making within the IT organization.
PAGE 20
Figure 2.3.1 IT Governance Model.

IT Steering Group
The IT Steering Group is the highest IT decision-making body. It is responsible for approvals of
strategy, architecture, annual action plans and other guiding principles. It also approves changes to
the IT operating model and organizational structure. The IT Steering Group is chaired by a person who
is responsible for IT in the executive board, and the IT Steering Group should have representatives
from all major business units and/or functions. The IT Steering Group is supported by the IT
Management Team that is responsible for preparing the topics approved by the IT Steering Group. The
IT Management Team comprises the heads of the IT function and is chaired by the CIO.
Project Portfolio Steering Group

The Project Portfolio Steering Group commissions projects and directs them throughout their
PAGE 21
lifecycle, including Business Benefits Realization. It reviews the business alignment of the portfolio,
decides the prioritization of initiatives, and resolves conflicts of interest in resource allocation. It
follows up on the status of projects and approves or rejects project continuation at portfolio gate
reviews. The Project Portfolio Steering Group is supported by a DMO/PMO that maintains an up-todate project portfolio dashboard with visibility on the scope, schedule and cost status of each project.
Service Portfolio Steering Group

The Service Portfolio Steering Group governs service development and the service lifecycle model. It
reviews, approves or rejects initiatives for the development of new services or significant updates to
existing services. The Steering Group ensures that
1. services have a good business fit and are aligned with IT strategy
2. performance of services is at the target level
3. new services are developed efficiently and
4. resources and costs are optimized.
The Chairperson of Service Portfolio Steering should be the COO or another executive-level business
representative.
Change Advisory Board (CAB)

The Change Advisory Board (CAB) is responsible for approving or rejecting requested changes. It is
responsible for ensuring that operational quality is not compromised by changes that are loosely
planned, poorly implemented or inadequately tested. The CAB is responsible for governing small and
medium-sized changes to existing services, while the Development Management Office is responsible
for large-scale changes delivered as releases and projects. The Change Advisory Board is chaired by a
Change Manager and the members of the board are Key Users (representing business) and Service
Owners.
Project and Vendor Steering Groups
PAGE 22
The Project Steering Group is responsible for the follow-up and guidance of a single project. It is
authorized to make project-related decisions according to the criteria defined in the Business Case
(including, for example, scope, schedule and budget).
Vendor Steering Groups represent the strategic level of vendor management and should be focused
on the development of services to better fit business objectives and needs.
Figure 2.3.2 An IT management system communicates the essence of IT to Business Management.
PAGE 23
2.4 Enterprise Development Ecosystem Management
2.4 Ecosystem Management

Ecosystems are networks developed around a certain product or service, and are formed by
companies that work together for a greater value to the business. IT should identify the naturally
occurring ecosystems that most benefit the Business. Naturally occurring ecosystems are made up of
vendors whose roles complement each other and in which cooperation is efficient and innovative.
When making sourcing decisions, IT should consider ecosystems and their limitations. By choosing to
work with vendors who operate in the same ecosystem, IT ensures a natural and effective
cooperation. A vendor network built in this way is more efficient than a customer-specific network of
vendors.
In addition, it is essential that IT is aware of the life cycle of an ecosystem. The role of a declining
ecosystem should be reduced and that of a developing one increased. Also, the role of the parties
operating in the ecosystem should be identified. The same vendor can act as the main partner in one
ecosystem and have a minor role in another. When sourcing, the strengths of the ecosystem and the
roles of the service providers in it need to be evaluated, and not just the service providers as single
players.
PAGE 24
2.5 Enterprise Development Concept Development
2.5 Concept Development

Concept Development studies and defines, in an easily understood format, new operational models
and the technical solutions that support them. Concept Development may be triggered by new
business needs, or by new solutions or innovations enabled by IT. Concepts define the best fit-forpurpose way to achieve the target(s).
Characteristically, concepts are not easy to define and their impacts and interdependencies can be
diverse. Concept Development always takes into consideration the costs and organizational impact of
different solutions. Neglected or inadequate Concept Development often results in partial or
insufficient optimization of sourcing, projects and services.
In a globally digitalized environment, the development of businesses, products, and services must
accelerate continuously. IT solutions can either become a bottleneck or enable change. Concept
Development is based on two different approaches with related outcomes and objectives:
1. How can we streamline our business operations using common harmonized services across
different business areas/functions? How can we improve work efficiency and the throughput
time of our processes?
2. Can we innovate new business models, products and services that create new revenue?
In most cases, the key to Concept Development is the digitalization of processes and services.
Business and IT need to have a joint master plan covering gap analysis, strategic initiatives and
allocated resources for digitalization over the entire strategic planning timeframe of the company.
PAGE 25
2.6 Enterprise Development Project Portfolio Management
2.6 Project Portfolio Management

Every company has to collect and prioritize their development initiatives. The decision to implement a
development initiative as a project is made by Project Portfolio Management. The purpose of the
portfolio is to maintain the big picture to avoid sub-optimization, double or overlapping
development efforts and resourcing conflicts.
The four cornerstones of Project Portfolio Management are
1. Common classification supporting prioritization and the balancing of risks. Classification
helps direct resources to development initiatives of strategic importance.
2. A Common project phasing model makes for unified project steering and promotes
understanding of the whole project portfolio.
3. Common reporting practices make it easy to follow all developments on the project, program
and portfolio levels.
4. Common evaluation practices enable project-independent value appraisals.
Typically, the project portfolio is managed by the PMO/DMO that is responsible for keeping the project
portfolio up-to-date, managing project dependencies, and evaluating new project proposals. The
development initiatives in the project portfolio should be evaluated and classified using common
criteria and prioritization. The PMO/DMO supports the Project or Development Portfolio Steering
Group in deciding which projects are started, stopped or postponed and where the focus in the
project portfolio lies.
An essential part of managing the project portfolio and Enterprise Development is assessing how
appropriate the project portfolio is and making decisions on it regularly. Every project in the portfolio
has to have a valid business justification, and all project dependencies must be identified. The
projects in the portfolio often have different Project Managers, so it is very important to identify all
project dependencies and communicate changes clearly.
PAGE 26
Figure 2.6 Changes impact processes and systems to different degrees.
1. Maintaining the Current State. If there is no real process or system development, the current
state is maintained. Small changes might take place in both processes and systems.
2. Replacing Existing Technology. Changing a version of an application due to technical reasons
is an example. Investing in hardware systems also belongs to this same category, unless it
involves process changes.
3. Process Development Project. Business processes can be developed independently without
system changes. However, in most cases, process changes require changes to systems as well.
Development projects that consist of both process and system changes belong to category 4.
4. Business Development Project. Implementation projects for IT systems that support the
companys core processes are Business Development Projects. For example, ERP systems and
PAGE 27
CRM (customer relationship management) projects are included in this category.
Project Portfolio Management can also be organized as a corporate-level function. In this situation, IT
complies with the general company-wide principles of portfolio management.
PAGE 28
2.7 Enterprise Development Business Process Development
2.7 Business Process Development

The company operates via its processes. The quality of business derives from those processes.
Efficient processes use as few resources (time, money, raw materials and labor) as possible and are
predictable. Information systems are becoming ever more central in business process management,
making it vital to keep the development of processes and information systems close to each other.
Processes are typically developed either inside-out or outside-in. The inside-out way focuses on
developing individual processes with single steps. The goal is to remove unnecessary internal work
and waste of resources. Functional organizations focus on internal process efficiency.
In a rapidly changing business environment, process development happens from the outside in. The
goal is to analyze the needs of the market and see how the company can meet the needs via its
processes. This typically requires some sort of matrix or process organization.
PAGE 29
FUNCTIONAL
MATRIX
PROCESS DRIVEN
BUSINESS
Functions have all

power
and responsibility.
Requires a lot of
coordination and
resolving responsibility
conflicts.
Business relies on
networked decisionmaking. Processes are
transparent and fully
accountable.
PROCESS
DEVELOPMENT
Process development
within each function.
Business benefits can
be realized faster with
efficient internal
processes.
Process development
across business
functions. Focus on
developing core
processes. Customer
satisfaction and quality
drive development.
Process development
via networking.
Innovative, adaptable
operation models are
combined from own,
customers and
partners processes.
IT SYSTEMS
Off-the-shelf solutions
are in use for each
function.
Business needs driven

application platforms.
Network decisionmaking is enabled by

service based end-toend service
management systems.
INFORMATION
Funtion specific data

standards.
Common data
standards among
processes.
Common master data.
INTEGRA
TIONCHALLENGES
Integration of systems
and processes
throughout the
company is
complicated.
Challenging to create
data standards when
integrating systems.
Difficult to integrate
services owned by
several parties.
Figure 2.7 Operational models, information systems and the integration of systems.
PAGE 30
Process development is a long-term effort and requires a strong process culture. This process culture
is supported by the companys common process development principles. It is necessary to set goals
and nominate owners for the main processes. The process owner is responsible for process evaluation
and continuous improvement.
PAGE 31
2.8 Enterprise Development Service Portfolio Management
2.8 Service Portfolio Management

From the business point of view, it is essential that IT services are reliable and fit for their business
purpose. Business-driven development initiatives require development of existing and new services.
All these needs must be collected, evaluated and prioritized carefully so that limited resources and
investments can be allocated optimally.
Service Portfolio Management ensures that:
1. Business is provided with the right set of services
2. Services are fit for the business purpose and aligned with IT strategy
3. Performance of the services is at the right level
4. Service development is organized effectively
5. Resources and costs are optimized throughout the life cycle
Service portfolio management should be deployed so that portfolio steering, major decisions on new
services, and significant changes to existing services are carried out on the enterprise level by the
Service Portfolio Steering Group. However, it is also useful to have a fast track for small changes
that need to be done rapidly.
PAGE 32
2.9 Enterprise Development Enterprise Information Management
2.9 Enterprise Information Management

Enterprise Information Management describes how information is governed, classified and structured
throughout the enterprise, and defines the structure for the Core Data of the enterprise. Core Data is
all data that is considered crucial for managing cross-functional processes. Core Data links to the Core
Architecture. The majority of the companys data, such as Master Data, Transaction Data, Reference
Data, etc., can be classified as Core Data.
Enterprise Information Management is the continuous development of people, processes, technology
and operative work to manage information properly and to develop the value of that information.
Therefore, it has a strong link to Enterprise Architecture. Business and IT together should ensure the
following aspects concerning Enterprise Information:
Ownership and responsibilities
Structure and attributes of the data
Access rights and data protection
Maintenance of the quality of data
Utilization of external information
Respect for and protection of intellectual property rights
While some parts of Enterprise Information are common to all functions of the company, others are
strictly local.
PAGE 33
Figure 2.9 Enterprise Information.
Figure 2.9 presents the big picture of Enterprise Information. A company accumulates different types
of data through many sources, e.g. Sales & Marketing, Production and Engineering. The Core Data
consists of crucial information used in multiple company processes and information systems. It helps
in integrating businesses as part of the Core Architecture. The second layer is data in enterprise
applications such as ERP, CRM and PLM, which extend the Core Data to fulfill the needs of specific
PAGE 34
business functions. The outer rim of the figure depicts data that is not likely to be part of Enterprise
Information but is crucial in excelling in business. Such data can be aggregated and analyzed to
become useful information for the company and can be used to increase revenue, cut costs, etc. This
type of data comes in larger volumes and is also referred to as Big Data.
The Internet of Things (IoT) will dramatically increase the amount of Big Data as it generates a large
amount of operational data. Therefore, digitalization increases the importance of Data Management
and adds the challenge for the company to store and analyze data in different volumes. The better
organized the companys enterprise information, the more value can be gained from data.
Enterprise Information Management is a harmonized and unified way of managing all data available
for the organization to use. The goal is to create a procedure to keep information up-to-date and
valuable for the business. Business must be able to trust its data warehouses and systems. Enterprise
Architecture should be responsible for defining the Enterprise Information, while Services are
responsible for maintaining and improving data together with business. The ownership of data should
always be with business.
PAGE 35
2.10 Enterprise Development Focus Areas
2.10 Focus Areas

The focus areas of Enterprise Development are linked to the size and maturity level of the company.
The focus areas for small companies are often related to getting basic IT services up and running and
maintaining them. As the company grows, it becomes more important to manage Enterprise
Development and to have a formalized way of executing tasks and measuring performance.
Companies operating in IT-intensive sectors should adopt operating models that are more advanced
than the size of the company would normally dictate. In IT-intensive companies such as financial
institutions, IT is an essential part of core processes.
Typical Focus Areas in Companies of Different Sizes
Small Companies
Net sales 10M, operating locally
Digitalization opens new doors for each size of organization. In some cases, small companies are the
quickest to react to business changes. Smaller organizations should focus on agility and quick time-tomarket with new solutions.
Finding reliable IT service providers with a service offering that ensures business continuity is crucial
for small companies. Business continuity involves both the availability of information processed and
stored in the company, and the availability of IT services. It is challenging for small companies to
perform this role effectively on their own. This is why finding a good IT service partner corresponding
to the size of the company is recommended.
Properly ensuring business continuity involves monitoring service delivery performance and
managing risks actively (risk awareness, deciding on acceptable risk levels and risk mitigation).
Small companies should strive for formalized decision-making in all projects and investments. This is
important because even though decision-making is fairly straightforward and fast in a small company,
decisions must match business realities (relevance of investment, return on investment, resource
planning etc.).
PAGE 36
Medium-Sized Companies
Net sales 100 M, decentralized operations
Generally, a medium-sized company pursues growth, which is why these companies run several
simultaneous projects involving different business areas. In order to obtain and maintain a realistic
and up-to-date overview of the companys entire IT project landscape, projects need to be divided by
Business Development and Digitalization and assigned to the agreed portfolios. Focused Project
Portfolio Management greatly increases the operational efficiency of medium-sized companies.
A medium-sized company should also monitor the fulfilment of the agreed service levels and make
detailed demands regarding these to its IT service providers, whether external or internal. In
particular, it is essential to ensure that the services and solutions are scalable as the company grows.
When a company is on a growth path, it is time to start collecting, documenting and implementing IT
management best practices. These practices form a solid foundation and baseline for the companys
subsequent process development and will considerably accelerate it. By doing so, IT also enhances its
own role as a significant profit enabler.
Large Companies
Net sales 1 000 M, operating internationally
A large enterprise provides its IT with clear objectives: IT must be one of the companys strategic
functions and fully integrated with Business as a unified Business Development function. This is
reflected in decision-making and commitment, as all development is attached to specific business
areas and is thus owned by them. IT, in turn, undertakes project and development implementation in
a responsible and measurable manner using a standardized Project Management Model.
Large companies face the challenge of managing the increasing complexity of both business and IT
operations. Consequently, within Business Development and Digitalization, the company must make
a number of important and conscious decisions that affect the companys strategy and ways of
working. These decisions include the companys general organization, harmonization of services,
standardization of terminology, and cooperation with other players in the industry.
PAGE 37
Diversity can be managed only when Business Development and Digitalization are a permanent part
of the companys structure and are operated in a fully formalized, organized and measured manner.
Very Large Companies

Net sales 10 000 M, operating globally
The greatest challenge facing IT management in very large companies is how to achieve and maintain
efficiency. In order to survive and succeed in its respective size category, a very large company must
continuously renew itself also in terms of IT. Renewal and efficiency are attainable goals as long as the
company makes sure the following things are taken care of:
The demands placed on IT support the company identity.
Concept and process development is a monitored and accountable operation, performed
under Business Development and Digitalization.
Objectives are clear and concise.
Using Enterprise Information management, companies are able to follow the business
environment and justify transformation efforts.
In very large companies, the need to manage the ecosystems that offer services and solutions is
emphasized. The roles and responsibilities of the company and the ecosystems complement each
other and cooperation is efficient and innovative.
PAGE 38
Figuer 2.10 The Enterprise Development focus changes with the size and complexity of the company.
Enterprise Development is the principal and most important control mechanism for a companys IT
operations. Enterprise Development integrates the other four streams and steers their objectives,
ways of working and operational targets. Smooth business cooperation ensures that the
implementation of the companys strategy and the strategic intent of business areas are supported by
IT.
PAGE 39
PAGE 40
3.1 Strategy and Governance Overview
3.1 Overview
Strategy and Governance Significance and Objectives
Strategy and Governance defines the guidelines for managing IT. Its significance increases in global
companies and when the company faces a business transformation or aggressively pursues growth
and development. Optimally, IT is a core function for implementing changes in a controlled manner.
Whereas Enterprise Development selects development initiatives, Strategy and Governance defines
how to execute them and IT Operations implements initiatives into solutions and services. IT
Operations include Sourcing, Development and Services.
Figure 3.1 IT Governance flow.
Strategy and Governance sets several governing frames to guide the whole IT function in operations.
The IT Strategy, IT Governance and IT Operating Model are the highest-level frames.
IT Strategy defines the vision, mission and targets for the coming three to five years. It also
incorporates an execution plan between as-is and to-be states.
PAGE 41
IT Governance defines how decisions are made and is therefore closely linked to Enterprise
Development.
The IT Operating Model defines how IT creates value for the business how development
initiatives are transformed into reliable solutions and services that meet business needs.
Strategy and Governance defines the organizational structure i.e. what is centralized, decentralized
or sourced. It determines the Enterprise Architecture, which sets guidelines for solutions and their
interoperability. It also provides policies and procedures for IT Security, Quality Assurance and Risk
Management. Budgeting and cost control is one of the governing frames with the most impact.
Key Objectives of Strategy and Governance

Ensure that IT strategy, the operating model, and competence support the achievement of
corporate objectives.
Define and maintain mutually agreed principles, procedures and architecture.
Make sure IT costs are well-managed and allocated appropriately, fairly, and transparently.
Ensure that risks are under control, and that risk management is considered in all streams of
the IT Standard.
Strategy and Governance Roles and Competence Requirements

The Chief Information Officer (CIO) is responsible for organizing IT and developing how IT creates value
for the business. As digitalization and agile development gain ground, it is increasingly important for
CIOs to create a culture of business-minded innovation and continuous improvement. The CIO
ensures that IT management is performed in line with company strategy and good governance. The
CIO can be accompanied by a Chief Digital Officer (CDO), who drives the companys digital
development in customer products and processes. The role is sometimes given to the Chief
Technology Officer (CTO).
In addition to the CIO, the key roles in Strategy and Governance are those of Development Manager,
Enterprise Architect, Information Security Manager and IT Controller. The roles are typically organized
as a CIO Office.
The Development Manager is responsible for developing the IT Operating Model and the related best
practices and competence. As these define how IT creates value for the business, the Development
Manager is one of the most important roles in the IT organization. Typically, the Development
Manager is the head of the CIO Office.
PAGE 42
The Enterprise Architect defines the technology, applications and information (which together become
solutions) required to execute business architecture and processes. The Enterprise Architect, together
with business, defines the current and target state of architecture, and then steers the development of
business capabilities towards the business strategy.
The Quality Manager is responsible for the quality of IT solutions. In a digitalized world, user
experience is one of the most important measures of solution quality, so each business solution must
be easy to use, provide correct information and function properly. The Quality Manager is responsible
for this throughout IT operations.
The Information Security Manager ensures that solutions and information are available only for
intended users and user groups. The Information Security Manager defines practices and policies for
information security and oversees that these instructions are followed.
The IT Controller is responsible for IT budgeting, financial planning and monitoring in cooperation
with the companys financial and IT management. The IT Controller also takes care of internal
invoicing and pricing, ensuring IT costs are allocated accurately.
Strategy and Governance Functions

Strategy and Governance, along with Enterprise Development, steers all IT activities. The stream of
Strategy and Governance consists of the following functions:
Business Relationship Management
Governance, Objectives and Communication
Strategy and Operation Model
Organization and Competence Development
Enterprise Architecture
Security, Risk Management and Quality Assurance
Financial Planning and Control
PAGE 43
3.2 Strategy and Governance Business Relationship Management
3.2 Business Relationship Management

The business-IT relationship is bidirectional: IT adopts business needs and objectives to create and
improve solutions and services, and business makes the best use of IT solutions and services. Many
organizations fall short in the business-IT relationship by excluding an IT representative from business
steering, or by not having business-minded Business Engagement Managers as counterparts for the
business management.
Business Engagement Managers are in a key role in managing diversity and bringing business insights
into Strategy and Governance. The more they contribute to strategy development, the more concrete
and valuable the strategy, architecture and other guiding frames become. However, as there are
conflicting interests between businesses as well as conflicts between short-term business objectives
and long-term IT objectives, it is essential that the group CIO leads both Business Relationship
Management and Strategy and Governance.
PAGE 44
3.3 Strategy and Governance Governance, Objectives and Communication
3.3 Governance, Objectives and Communication

IT should be managed and evaluated the same way as any business unit: IT and Enterprise
Development need to have clear, measurable targets that are followed up. Targets are set separately
for the entire IT function, each sub-function and organizational unit, as well as for each individual.
Targets are based on IT strategy and business objectives. They are prepared by the IT Management
Team and approved by the IT Steering Group.
Measuring increases the transparency of operations and provides an incentive to reach targets. IT
performance is measured in terms of customer satisfaction, cost-efficiency, and the realization of
development targets. Customer satisfaction is usually measured through separate end user and
decision-maker surveys. Decision-makers, more than end users, are expected to provide feedback on
ITs capability to provide value to the business.
IT needs to communicate clearly and frequently to interest groups about the achievements and
upcoming activities in IT. Creating the Communication Plan and executing the tasks in it falls under
the role of the CIO Office. The Communication Plan defines the objectives, target audience, means,
schedules, and responsibilities of communication. A Communication Plan ensures that the messages
are targeted and timed correctly, and at the same time the needs of different interest groups are
taken into account.
PAGE 45
3.4 Strategy and Governance Strategy and Operating Model
3.4 Strategy and Operating Model

IT Strategy is a consistent set of plans and guidelines on how IT supports business strategy and
objectives. As IT includes many relatively long-term elements such as architecture and core
applications, the IT Strategy typically looks ahead three to five years in order to give sufficient
perspective on changes. The IT Strategy is complemented by an Annual Execution Plan that gives a
short-term perspective on strategy and business objectives.
The IT Operating Model defines how IT creates value for the business all the way from decision-making
to user experience. It illustrates how the decision-making in Enterprise Development drives solution
and service development, and results in efficient services with a superb user experience. The key is to
design business-focused value streams that operate according to the best practices and controls set
by Strategy and Governance. Centralized service production promotes efficiency and cost savings.
The dynamics of the IT Operating Model are
1. Unified practices, skillsets and procedures. Creating operating models that facilitate and
promote the use of best practices will reduce risks and increase transparency. It will also lead
to synergies across business units or domains while enabling measurability. (Control)
2. Business-focused solutions. Solutions need to be developed in entities that correspond to
business structure. By selecting the correct partners and solutions, IT becomes agile and fast in
its ability to meet expectations and change requests from the business. (Flexibility)
3. Centralized service production. IT-related assets and services should be purchased in large
volumes to serve shared needs between business domains. However, striving for efficiencies of
scale must not override meeting business domain needs. (Efficiency)
PAGE 46
3.4 Strategy and Governance Strategy and Operating Model
Figure 3.4 The IT Operating Model increases digitalization and reduces operating costs.
The Operating Model splits value creation into three management areas. Strategy and Sourcing are
led by the CIO Office. Development is carried out under the control of the Development Management
Office (DMO). The Service Management Office then delivers user experiences by managing the
services. In shared services and consolidated operations, the emphasis is on cost-efficiency, while in
solution development, the focus is on maintaining a fit to the business purpose.
PAGE 47
3.5 Strategy and Governance Organization and Competence Development
3.5 Organization and Competence Development

The targets of Organization and Competence Development can be divided in two:
Forming an organization that executes the IT operating model efficiently
Developing capabilities and competence in line with IT strategy and targets
There are many ways to organize the IT function, depending on the companys structure, strategy,
management style and business area. IT can be centralized, decentralized, or mixed. It may also be
appropriate to outsource large parts of IT operations.
In all alternatives, IT is organized into four functions (see Figure 3.5 The Elements of the IT
Organization). The IT Steering Group, CIO, CIO Office and Portfolio Steering form the Governance
function. The Business IT function is operated by the Business Engagement Managers and
contributes to Enterprise Development. The Development function covers project and change-based
solution development, while the Services function manages and continuously improves operational
IT. In a modern and lean IT organization, Business IT, Development and Services functions have
roughly the same number of people, as the majority of services and solutions are sourced.
PAGE 48
3.5 Strategy and Governance Organization and Competence Development
Figure 3.5 The Elements of the IT Organization.
IT Competence Development must be based on developing and reinforcing the competence that are
crucial to the implementation of the IT Strategy through the chosen Operating Model. As change
accelerates, competence virtualization becomes one of the keys to success. Competence virtualization
means scaling the organization based on the current actual need using standardized procedures, so
that fast training and on-boarding is possible, and on demand resources can be used to address
competence gaps or other shortcomings.
PAGE 49
3.6 Strategy and Governance Enterprise Architecture
3.6 Enterprise Architecture

Enterprise Architecture helps business management achieve its strategic goals. It supports the
company in creating competitive advantage, reduces risks and enhances cost-efficiency and
scalability. Mergers and acquisitions, outsourcing and major organizational changes all set additional
demands on the flexibility of Enterprise Architecture.
The purpose of Enterprise Architecture Management is to:
Provide a long-term view and facilitate the development of the companys processes, systems
and technologies as well as the execution of the business strategy
Create, manage and develop a holistic, interconnected model of the enterprise that
encompasses processes, information, applications and technology
Ensure consistency and enable integration
Create, develop and manage a holistic, high-level roadmap of engagements and projects that
realize required solutions and to provide a clear path from current state to target state
Enable lifecycle management of the solution portfolio
Digitalization has a major impact on Enterprise Architecture, as businesses flow over enterprise
boundaries and Business Infrastructures expand to cover customers and ecosystems as well. A
traditional monolithic architecture becomes complicated to manage and limits creativity inside
company boundaries. The IT Standard for Business presents an approach that gives more room for
planning the digitalization by integrating business to different ecosystems. The modularity of this
approach allows a more agile development of architecture for different business areas.
PAGE 50
Figure 3.6 The elements of Enterprise Architecture.

Figure above presents the dynamics of an Enterprise Architecture. The Core Architecture consists of
Information, Application and Technology Architectures that are common to all businesses and are
essential in integrating Domain Architectures. A set of tightly interconnected business solutions each
forms a separate Domain Architecture entity. Each entity has a set of common elements and
guidelines called the Core Architecture. Typically, companies have four to six Domain Architecture
entities, and this approach allows flexibility to design the architecture within these separately.
The major focus of this approach is on the vision, future state and business development of the
company, which fall under the Business Architecture layer. The Business Architecture integrates the
various ecosystems, which reach as far as suppliers, customers and even competition.
PAGE 51
Enterprise Architecture must be steered with a clear governance process. Typically, governance is the
main responsibility of the CIO Office, but the organization may also have a dedicated Enterprise
Architecture Office (EAO). The general Enterprise Architecture policies and best practices, derived
from the Operating Model, are the foundation on which the entire Enterprise Architecture is built.
PAGE 52
3.7 Strategy and Governance Security, Risk Management and Quality Assurance
3.7 Security, Risk Management and Quality Assurance

Securing information is a crucial task for IT and is, to some extent, also regulated by law. Information
security, in this context, means protecting information, information systems and telecommunications
from various threats and thus be ready to react promptly. However, information security is not only
about technology, but also the working culture of company personnel. This presents a challenge to
companies as information may be scattered in different systems. Within an ecosystem, information is
generated by various vendors and utilized commonly by users and assets in critical business
processes. Information may also be shared across ecosystems. To ensure business continuity and
defend data against cyber threats in todays changing world, IT must be able to embed security into
the operating model; taking into account IT architecture and implementing it as a part of roles and
responsibilities in daily operations. This is sometimes referred as digisecurity.
IT-related risk management must also be an integrated part of the companys overall management
systems. Risk management means systematically recognizing and preparing for factors that cause
uncertainty and threats to company objectives and operations. Since risks can never be entirely
eliminated, management must define the companys acceptable risk level. Company management
defines risk management policies, applicable methods, responsibilities and tasks for different parties
as well as practices for monitoring and reporting. Business targets and uncertainty factors change
over time, so risk management must also be treated as a continuous process.
Quality assurance keeps IT operations in line with standards and best practices, and ensures that the
quality requirements of IT are met. IT processes must be described and they must aim to produce the
best user experience. Quality assurance needs to be integrated into all IT processes and services.
Quality assurance is not only about the systematic measurement of operations, processes, and
services, but also their continuous development and overall business performance assurance.
Additionally, it means maintaining constant focus on the business value created by IT.
PAGE 53
3.8 Strategy and Governance Financial Planning and Control
3.8 Financial Planning and Control

Financial Planning and Control means proactive financial steering, such as budgeting and forecasting,
that helps predict and prepare for the future investments and costs required by IT. It also supports
steering and planning of IT and business operations as well as related decision-making. Financial
Planning and Control ensures appropriate allocation of financial resources, monitors the profitability
of investments and keeps track of the total costs of IT. Profitability and added value evaluation (value
realization assessment) for projects, purchases and services is also an important part of this function.
PAGE 54
3.9 Strategy and Governance Focus Areas
3.9 Focus Areas

Strategy and Governance is becoming increasingly important in IT management. In recent years, the
demands on IT have evolved from a mere support function into a full business enabler with operating
models and processes. To meet these growing demands, it is essential that IT management is aligned
with business strategy. The focus areas for Strategy and Governance differ with the size of the
company according to the companys objectives. The importance of IT strategy, governance models
and reporting grows along with the company. Diversity management, harmonizing and synergy
become more essential for larger companies.

Small Companies
Net sales category 10 M, operating locally
In small companies, IT management must be well-organized: the roles and responsibilities of
personnel must be described, and the decision-making model needs to be clear.
Basic documentation on IT strategy, information security and architecture ensures that IT
development focuses on achieving the companys objectives. Small companies must also understand
their IT costs.
It is essential for small companies to find the right balance between internal and purchased services.
The amount of purchased services increases with company growth. This emphasizes the role of
competent sourcing with good cost awareness.
Medium-sized Companies
Net sales category 100 M, decentralized operations
Selecting the appropriate centralization/decentralization model for IT is a key priority for Strategy and
Governance in medium-sized companies. Usually, centralized Strategy and Governance is the best
option.
PAGE 55
When a company has several subsidiaries, the development of an IT strategy, governance model and
reporting grows in importance. In addition, a scalable architecture, strategic technology choices and
quality assurance have each an important role.
Large Companies
Net sales category 1 000 M, operating internationally
Diversity management together with increasing operational efficiency through harmonization and
consolidation are the focus areas in an internationally operating company. Large companies should
strive to deploy IT processes and unified information systems that support these processes.
IT needs to invest in adequate competence to support the development of business models and
processes, for example in Enterprise Resource Planning (ERP) and Customer Relationship
Management (CRM), as well as in Enterprise Architecture development.

Net sales category 10 000 M, operating globally
Various types of matrix organizations are typical for very large companies. In such organizations, the
focus is on keeping procedures efficient and benefiting from group-level synergies. Strong Enterprise
Architecture competence are a must and can come from inside or outside of the company.
PAGE 56
Figure 3.9 Strategy and Governance focus changes with the size and complexity of the company.
IT strategy steers the implementation of the IT-related part of the companys strategy, while providing
the direction for IT management. Governance ensures that the operation and development of IT
support the achievement of targets specified in the IT strategy.
PAGE 57
PAGE 58
4.1 Sourcing and Supplier Management Overview
4.1 Overview
Sourcing and Supplier Management Significance and Objectives
Sourcing and Supplier Management ensures that a company has the services that best fit its business
purposes. The marketplace, however, is constantly evolving, and suppliers have to adopt technical
innovations and create new services that must be provided with higher quality and lower prices.
By actively seeking out new opportunities and following market trends, a company can ensure that
the quality and price level of the services provided by suppliers stay competitive. The other option is
to acquire services and solutions via a tendering process.
Digitalization has also set in motion new trends that affect the marketplace, such as:
consumerism, which pushes for better user experience and easiness of use for business
solutions, because the end users use the same devices (laptops, tablets and phones) and
applications for both business and consumer purposes.
virtualization, which enables sharing the same computing and data storage capacity between
a very large number of users which, in turn, leads to greater storage capacity at lower costs
provided by large data and computing centres called clouds.
In order to keep up with market trend requirements and to ensure the business purpose fit and costefficiency of services, companies often prefer to source services instead of providing them in-house.
PAGE 59
Figure 4.1.1 The relationship between development and sourcing.
Sourcing strategy is defined based on the companys business requirements. Companies may choose
to outsource their IT services partially or in full, or in rare cases, decide to run IT as an in-house
function. In all these cases, Sourcing and Supplier Management should have clear goals and a longterm perspective, and operate in a close relationship with the supplier ecosystem. Well-managed
sourcing benefits both the buyer and the supplier. A healthy balance of supply and demand leads to a
PAGE 60
more sustainable and productive collaboration, in which Sourcing is the strategic coordinator.
Sourcing has two principal roles: the sourcing role refers to acquiring suppliers, solutions and services
as specified by Service Portfolio Steering. The development role refers to finding and evaluating the
emerging technology opportunities and solutions introduced by suppliers that may evolve into new
business concepts. Adequate involvement of Sourcing in supporting or development roles ensures
that no opportunities will be missed, and that serious flaws that could be challenging and costly to
correct at later phases in Project or Service Management are avoided.
On the operational level of supplier management, Sourcing interacts with Service Integration within
the Service Management function. The contribution from Service Integration to Sourcing can include,
for example, the following:
providing reports on operational performance levels to Service Managers and Sourcing
assisting suppliers in optimizing their service delivery and improving their quality
monitoring the service contract and performance management, especially in multi-sourcing
environments
When deciding on the sourcing of IT, the following points need to be considered: the companys
general sourcing principles with respect to service and quality requirements; the scope of operations;
enterprise architecture; service scalability and flexibility regarding future plans; continuity; and total
costs.
Active cost and performance control is mandatory, not only at the sourcing stage, but throughout the
life cycle of the service.
Key Objectives of Sourcing and Supplier Management

Analyse the market and bring major technology innovations and opportunities for business
and service development.
Organize and manage the supplier relationship with other stakeholders, such as Service
Management, to continuously improve the cost level and quality of services.
Source services and solutions efficiently, appropriately, and timely from suitable suppliers,
while actively maintaining quality and cost levels, a strong negotiating position, and market
price awareness.
PAGE 61
Sourcing and Supplier Management Roles and Competence

Requirements
Typically, the person responsible for Sourcing is a Sourcing Manager, CIO, Category Manager, IT
Manager or Service Manager. Related to sourcing, the responsibilities of this individual include the
following:
Bring out new technological or commercial opportunities
Plan, facilitate and steer the sourcing process
Review new contracts
Participate in all major sourcing decisions
Define and follow up on sourcing models and principles
Master the supplier ecosystem
In practice, the role requires expertise, negotiation skills and active participation to ensure that
tendering and contracts are managed professionally and are in line with agreed principles. Even
though the role includes defining these sourcing principles, the decision-making responsibility
belongs to the Service Portfolio Steering, as defined in the companys responsibility assignment
matrix.
Sourcing and Service Management need to work together to regularly evaluate suppliers service
levels, supplier-related risks, and future service needs. Generally, either the Sourcing or Service
Manager is responsible for tactical supplier relationships, but in wide-ranging partnerships, it is often
necessary to appoint a dedicated Supplier Relationship Manager.
The Legal Counsel, together with the Sourcing Manager, ensures that contracts and sourcing
principles protect the interests of the company from a legal point of view. When necessary, Legal
Counsel also participates in negotiations. ICT jurisprudence requires special expertise and is thus typically outsourced.
Key Roles in Sourcing and Supplier Management

Sourcing Manager
Service Manager
Supplier Relationship Manager
Legal Counsel
PAGE 62
In the IT Standard, sourcing is described as part of IT. However, the roles described above may also
appear as a part of the companys general sourcing function where IT constitutes a category within
the centralized sourcing organization.
Sourcing and Supplier Management Functions

Sourcing and Supplier Management cover the entire life cycle of sourced services. Sourcing organizes
the tendering process for purchases, negotiates terms and conditions, and supports the daily
management of projects and services, for example, through supplier benchmarking.
The Sourcing and Supplier Management stream consists of the following functions:
Ecosystem Management (part of Enterprise Development)
Concept Development (part of Enterprise Development)
Sourcing and Supplier Strategy
Service Architecture
Tendering and Negotiation Process
Supplier Relationship Management
Performance Management
PAGE 63
Figure 4.1.2 IT services require seamless cooperation between Business, Sourcing, Project Management
and Service Management.
PAGE 64
4.2 Sourcing and Supplier Management Ecosystem Management
4.2 Ecosystem Management

Ecosystems are supplier networks built around a specific service, technology or system. Natural
ecosystems should be preferred, as they are more efficient and innovative than partnerships formed
around a companys sourcing function only.
Management and development of ecosystems is a prerequisite for successful sourcing that supports
business needs. Ecosystem Management is discussed in more detail in Chapter 2, Enterprise
Development.
PAGE 65
4.3 Sourcing and Supplier Management Concept Development
4.3 Concept Development

Concept development refers to the process of planning and defining new solutions or services for the
business. Emerging business needs, such as digitalization, may justify and trigger new technologies
based on concept development.
Concept development, in fact, triggers the entire Sourcing function by introducing various
alternatives for implementation and utilization. Concept development is discussed in more detail in
Chapter 2, Enterprise Development.
PAGE 66
4.4 Sourcing and Supplier Management Sourcing and Supplier Strategy
4.4 Sourcing and Supplier Strategy

The primary objectives of Sourcing and Supplier Strategy are high satisfaction and increased
productivity experienced by end users, in addition to low total cost of ownership. To succeed in
attaining these goals, Sourcing must achieve, maintain and utilize a strong negotiating position
towards the supplier(s). Disciplined Sourcing and Supplier Strategy helps reduce supplier
dependency.
Figure 4.4 The primary objectives of Sourcing.
Multi-sourcing is one of the possible strategies. Multi-sourcing refers to the creation of a manageable
group of suppliers and/or internal providers that can provide all the required services, and that may
PAGE 67
4.4 Sourcing and Supplier Management Sourcing and Supplier Strategy
be substituted for one another if necessary.

Sourcing is responsible for setting and following the selection criteria for suppliers. To manage risk, a
company should choose reliable and solvent suppliers and join ecosystems that are able to deliver
services, systems and products with solid market continuity. In addition to monitoring financial and
operational stability, Sourcing needs to ensure that supplier organizations follow other relevant
company policies such as those related to corporate responsibility.
PAGE 68
4.5 Sourcing and Supplier Management Category and Technology Management
4.5 Category and Technology Management

Sourcing should categorize services in order to have a better understanding about volumes in each
subcategory. Printing is one example of a subcategory and may be present in many different formats:
centralized printing services, special printing in business and personal printers in management
offices, for example. While the first one is under the control of the Service Management function, the
next two may be non-existent from the Service Management point of view. However, Sourcing should
be aware of the total volume of printing with the support of Financial Planning and Control. In other
words, Category Management helps organizations source services in their full scale and scope.
While Category Management views things from the inside out, Technology Management has the
opposite perspective, looking at things outside-in. The task of Technology Management is to follow
the technology trends in the marketplace with the help of technology and service providers. The key
objective is to support Service Management in continuous service improvement by promoting new
technology opportunities, and by ensuring that there are no contractual issues prohibiting the
development. Technology Management proactively monitors, discovers and evaluates emerging
technology opportunities. Therefore, initiating the sourcing process to acquire solutions and services
for new business concepts often falls into Technology Managements task list.
PAGE 69
4.6 Sourcing and Supplier Management Tendering and Sourcing Process
4.6 Tendering and Sourcing Process

Service Portfolio Steering authorizes Sourcing to evaluate solution alternatives based on a Business
Case which is about comparing the end-user benefits and savings provided by the service with the
overall cost of sourcing and producing the service over a defined period. After that, Sourcing can be
authorized to initiate the sourcing process that includes tendering and negotiation processes.
A successful tendering process requires clearly described business needs and requirements.
Business, with the support of Business Engagement Managers, is responsible for defining the requirements, whereas Service Managers typically take care of the formalized specifications and
documentation. Sourcing is responsible for tendering and evaluating the alternative solutions. During
tendering, Sourcing is responsible for documenting conversations and open topics for later use in
negotiations and contract preparation.
Figure 4.6 Tendering and Negotiation Process.
Sourcing helps Business consider dependencies and compliance issues and to choose the best
alternative. The purchasing decision is made by the Business Owner together with Service Portfolio
PAGE 70
4.6 Sourcing and Supplier Management Tendering and Sourcing Process
Steering, but Sourcing typically manages IT-related contracts with the support of Service Integration.
A successful negotiation process requires a clear negotiation strategy and pre-defined roles for the
assigned tasks. Sourcing sets negotiation targets and leads the discussion during the negotiations.
The business representatives bring in their expertise related to business needs, whereas Legal
Counsel evaluates jurisprudence, terms and conditions, and the protection of assets. If the purchase
involves relocating or re-assigning of personnel, a Human Resources representative also takes part in
the negotiations.
The result of a successful negotiation process is a contract that satisfies both parties. When the
contract is made, it should cover all aspects of the agreement, as only what appears in the contract is
included in the agreement. For example, the following should be clearly stated:
Risks, responsibilities and the governance model: One major risk in a customer-supplier
relationship is that the service will not be developed according to the business needs.
Therefore, it is important to have a governance model that emphasizes the strategic and
tactical development rather than the operative follow-ups.
Penalties: The compensation by the supplier in case of failure to meet the agreed service
levels, and the terms for contract termination need to be agreed.
Expiry: The details related to contract expiry are registered in the contract expiry plan, which
is a document that is updated throughout the entire contract period.
After reaching an agreement, Sourcing ensures that the project and service organizations are made
aware of the conditions of the contract. Sourcing is also responsible for evaluating the results of the
negotiations.
PAGE 71
4.7 Sourcing and Supplier Management Supplier Relationship Management
4.7 Supplier Relationship Management

Sourcing is responsible for developing and managing successful supplier relationships by adopting a
clearly defined and structured approach to supplier collaboration. Together with Service
Management, Sourcing maintains supplier relationships with regular meetings that address not only
present services, but also emerging opportunities brought forth by service development and potential
new applications.
Sourcing maintains a list of the companys IT suppliers and identifies the key suppliers amongst them.
It is strategically important to understand whether a supplier is critical, strategic, tactical or
operative. Additionally, based on the individual suppliers impact and value to the business, an
adequate level of collaboration and performance management should be determined for each
supplier.
The list should include information such as the suppliers line of business, profile, contract
information, and the extent of cooperation as well as its monetary value. Sourcing also creates and
maintains the companys IT contract portfolio. The contract portfolio comprises all contracts,
including electronic versions with attachments, as well as location references for the originals.
Sourcing is responsible for the timely initiation and execution of contract revisions. It informs the
Service Managers and Service Portfolio Steering about expiring contracts. These, in turn, authorize
Sourcing to renew contracts and/or initiate tendering. Sourcing ensures that supplier cooperation
runs according to the agreed governance model on the strategic, tactical and operational levels.
PAGE 72
4.7 Sourcing and Supplier Management Supplier Relationship Management
Figure 4.7 Supplier importance for business.
PAGE 73
4.8 Sourcing and Supplier Management Performance Management
4.8 Performance Management

Performance management consists mainly of managing certain key elements to improve the focus
and efficiency of supplier collaboration. Firstly, Sourcing creates a performance management strategy
and a pattern to define the service levels required for the sourced services.
Secondly, Sourcing defines the accurate metrics to measure performance. These metrics need to be reevaluated and adjusted continuously, especially whenever changes to the service level agreement
(SLA) occur. Thirdly, in collaboration with Service Management, Sourcing monitors and manages
supplier performance regularly by utilizing service automation based dashboards effectively.
Finally, continuous evaluation and benchmarking is necessary to ensure that, at a minimum, the
quality and cost level of the sourced services is equal to market alternatives. Benchmarking reports
are provided according to procedures agreed with the supplier.
PAGE 74
4.9 Sourcing and Supplier Management Focus Areas
4.9 Focus Areas

Properly managed Sourcing gains in importance as business environments and service models evolve,
company structures and supply chains become more complex, and competitive pressures mount in
an increasingly global market. These factors create a genuine demand for sourcing skills within IT.
Depending on the selected Sourcing and Supplier Strategy, IT may either centralize or decentralize its
sourcing. In any case, the goal is to discover the most appropriate combination of the basic sourcing
criteria: service content, quality levels, availability, flexibility, and competitive price.
Typical Focus Areas in Companies of Various Sizes

Small Companies
IT operations are based on contracts. The contract management is centralized.
In small companies, it is important to ensure that the number of suppliers is under control. Small
companies must be careful in selecting suppliers that support the companys growth and in avoiding
ones that may compromise business continuity. In small companies, sourcing typically consists of oneoff occasions for purchasing in which success is best ensured by acquiring assistance from external
experts.
Supplier management is centralized and contracts are based upon a mutual set of terms and
conditions. The Sourcing and Supplier Strategy provides guidelines for supplier selection.
A medium-sized company should consider centralizing purchases to a few carefully selected
suppliers, thus strengthening its role as a key customer. The most productive cooperation is often
established between two companies of similar size. A medium-sized company has limited possibilities
to receive the best possible service from large IT service providers. On the other hand, the suppliers
PAGE 75
capacity and service offerings for small companies would no longer be adequate for a medium-sized
company. Therefore, a medium-sized company may face challenges in finding appropriately scaled
services and suitable service providers.
Large Companies
Centralized sourcing is the key to leveraging the volume advantages of a large company. Furthermore,
requirements specification, tendering and evaluation become all the more important as business
needs increase.
Well-functioning partnerships with strategic key suppliers should be established and maintained, so
that the suppliers are able to provide a comprehensive range of services for the entire business. Large
companies may also be able to influence the development of the ecosystems they use. Organizing
sourcing as a continuously operating function is essential.

In very large global companies, IT sourcing is an integral part of corporate-level sourcing. Therefore, it
is important to define well-functioning cooperation models between sourcing and IT.
Improved management of operational models and supplier risks is the method to preserve agility.
This presents a challenge for companies operating in several time zones and in a multicultural
environment.
A very large company may prepare framework agreements to secure its interests and use its strong
negotiating position to demand that all service providers follow them. If needed, a very large
company may even create its own ecosystems and have a strong influence in their development.
PAGE 76
Figure 4.9 Sourcing focus varies depending on company size.
Sourcing acquires the best services and solutions as specified in the IT strategy and IT development
plan. Sourcing is well acquainted with the new opportunities offered by vendors, organizes the
tendering process for purchases, negotiates terms and conditions, and supports the daily
management of projects and services. When organized professionally, Sourcing enables operational
efficiency of IT and helps IT to support business. Sourcing and Supplier Management covers the entire
life cycle of services.
PAGE 77
PAGE 78
5.1 Project and Development Management Overview
5.1 Overview
Project and Development Management Significance and Objectives
Continuous and effective development is essential for every competitive organization. Saving costs in
operations and investing in development enables the organization to create new business solutions
required especially by digitalization. If an organization is able to save 20% in service costs through
Sourcing and Service Management, it can even double its investments in new solutions and services. If
these new solutions replace legacy applications and simplify architecture, the organization is able to
achieve further savings, and as a consequence, afford the investments required by digitalization.
Figure 5.1.1 Development actions introduced by digitalization.
PAGE 79
Development is a coordinated set of actions to capture requirements based on business needs, to

implement a feasible solution, and to deploy it to users. All these actions need to be done according
to agreed development practices within the given scope of time, resources and value creation
expectations. Development can be a continuous flow of changes or, in larger and more complex cases,
project-based.
Development is coordinated by the Development Management Office (DMO), which also sets and
promotes development practices for company-wide control, visibility and consistency. DMO has the
mandate to classify and prioritize development initiatives to be approved or rejected by Development
Portfolio Steering. DMO has control over resources, dependencies and the performance of major
development initiatives, while providing the required support and consultation to maximize business
benefits creation and minimize risks.
Many organizations have a Project Management Office (PMO) that handles all the same tasks as the
DMO, but just for projects. As more and more development takes place beyond projects, it is
recommended to have a full-scope DMO to replace the PMO.
Projects vary greatly in terms of targets, duration, budget, staffing and difficulty. Consequently, not all
development initiatives require a project and they can be classified as a change. In all development,
excluding a straightforward change, the following topics need to be managed:
Business Case validity
Goals, scope and constraints
Timetables and costs
Tasks and deliverables
Workloads and needed resources (internal and/or external)
Compliance with Enterprise Architecture
Quality and risks
Key objectives of Project and Development Management

Improve and create new solutions to succeed in competitive environments.
Manage the scope, schedule, costs, resources, and value creation of large-scale development
initiatives.
Support agile and release-based development practices in environments, where the majority
of development of existing solutions is incremental, or requires fast time-to-market of new
PAGE 80
solutions.
A project or change can also be part of a bigger business-driven initiative called a program. Programs
are derived directly from strategic initiatives and are formed in situations where the change is rolled
out to many business units as sub-projects. The program manager manages the program with the aid
of project organizations.
Project and Development Management Roles and Competence

Requirements
As large organizations continuously run several simultaneous development efforts, Development
Portfolio Steering is established to evaluate and prioritize opportunities with the support of the DMO.
It maintains a list of all major development initiatives and manages their dependencies. The DMO also
validates the Pre-Study and the Business Case for Portfolio Steering, which authorizes
Conceptualization and Planning. After Planning, Portfolio Steering authorizes execution.
Some smaller changes may fall directly to service delivery, in which case they are handled as change
requests under the Service Management Office (SMO). Read more about service delivery and the SMO
in the Service Management Stream.
PAGE 81
Figure 5.1.2 The Development Management Office and Different Formats of Development.
Projects are governed by their nominated steering groups, which report to Portfolio Steering at Gate
Review Meetings. A Project Steering Group consists of representatives of the business and project
organizations. The duties of the Project Steering Group, with the support of the DMO, include ensuring
that the project creates value for the Business; providing the project organization with guidelines,
decisions, and support; and ensuring that the targets of the project are met. The Project Steering
Group approves changes to the schedule, budget and scope of the project. The members must have
adequate decision-making and resourcing authority as well as sufficient subject knowledge. The
Project Steering Group must also escalate decision-making when needed.
Project roles
The Project Owner is typically the head of the business unit or a Process Owner. The Project Owner is
responsible for the projects progress and quality towards business and is usually the chairperson of
the Project Steering Group. The Project Owner is also responsible for approval and endorsement of
the project deliverables. Furthermore, the Project Owner carries the main responsibility for executing
and tracking the realization of business benefits.
PAGE 82
Figure 5.1.3 Value-Driven Approach to the Steering Group.
Project Manager is responsible for daily project management and ensures that the project produces
the agreed deliverables at the appropriate level of quality. Moreover, the Project Manager has the
responsibility of ensuring that the project is implemented on schedule and within budget. The Project
Manager also handles project-related changes and escalations to the Steering Group.
PAGE 83
Project Manager is a role and not a title. A role means a set of responsibilities, functions and
authorizations, which are given to a person or a group of people based on their competence. One
person or a group can have several roles. However, this role requires dedication and time, and some
organizations have a precondition that the Project Manager has to dedicate at least 80% of his or her
time to the role.
Project Manager is responsible for project management communication. The role reports the project
status to the Steering Group and acquires the needed decisions. To ensure that the project runs
smoothly, the Project Manager must have adequate authority for minor project-specific changes.
Business Lead is someone with the authority and ability to be the projects face towards business. The
Business Leads main responsibility is to consult during Project Planning and to ensure that the
designed and developed solution addresses the initial needs as specified by the respective line of
business. The Business Lead usually executes the Rollout stage together with the Training Manager.
Other key roles typically included in a project team are an end-user representative (Super User, Key
User), a technical lead, process owners as well as those responsible for testing and quality assurance.
People responsible for communication, competence development and training must also be involved.
The roles and responsibilities are defined at the latest in the Planning stage.
Key Roles in Project and Development Management

Project Owner
Process Owner / Solution Owner
Project Manager
Business Lead
Steering Functions in Project Development Management

Project Steering Group
Development Management Office
Project Management Office
The Essentials of Good Project Management

Each project is classified based on criteria that suit the organization. These criteria may include the
size of the budget, the complexity of the solution, its organizational effects, effects on Master Data or
integrations, solution visibility to end users and customers, as well as impact on currently known
procedures. The bigger and more complex the project, the more attention it requires. Small projects
PAGE 84
may require fewer review meetings, resources and deliverables.

Each project has an appropriate Steering Group and Management Model. The Project Plan describes
the project organizations roles and responsibilities, project management methods, owners and other
stakeholders, Key Performance Indicators (KPIs), Must-Have Deliverables and documentation
methods, as well as follow-up and reporting practices.
Each project has an experienced goal-oriented and business-minded Project Owner and Project
Manager, who are capable of inspiring and motivating people. All projects face challenges that the
Project Steering Group must handle to minimize the negative impact on the project outcome. The role
of the Project Owner is to ensure that the project fits the need of the organization, whereas the Project
Manager ensures that the project deliverables meet the requirements and standards set in the
beginning.
A project has an up-to-date Business Case and Project Plan. The Business Case defines whether the
project still has business justification and is thus validated at each gate or decision point. The project
plan is validated and revised according to the Business Case. The plan displays project phases as well
as the status of deliverables and project tasks together with their schedules and resources.
The Project delivers a future-proof Solution that meets short and long-run business needs and is
based on reliable and easily configurable applications that are fit for the business purpose. The
Services required by the solution are planned and implemented professionally and are under the
control of Service Management processes.
Change management, communication and training are required for the company to benefit from the
outcome of the project. Organizational change impact is one of the Project Proposals core issues and
is therefore addressed even before the project is established. It is important to consider the scale and
direction of change together with personnel attitudes towards change. The project owner is
together with the project organization responsible for implementing the change and delivering
benefits to the business.
Project and Development Management Functions and Phases

In a fast-moving business environment, the time from opportunity identification to the finalized
solution must be short. In many cases, development can be implemented by a consistent set of
changes to processes, solutions and services without a project. In more complex cases, the
PAGE 85
development initiative should be classified as a project and appropriate management procedures

should be taken. This section describes the project flow from opportunity to business benefit
realization.
Project management models are often seen as complex and unwieldy. This is why we introduce a
practical Project Model that is largely based on PMBOK and PRINCE2, but the Phases and Stages
create a concrete step-by-step guide to run a successful project. Agile methods and the Scaled Agile
Framework are favored solution implementation practices. They enable iterative, continuous
development as well as quick learning and reaction to changes.
Figure 5.1.4 Project and Development Management Functions.
PAGE 86
5.2 Project and Development Management Project Portfolio Management
5.2 Project Portfolio Management

Project Portfolio Management qualifies projects to be taken into a portfolio, follows up their status
and sets priorities in case of conflicts of interest. Project Portfolio Management is a responsibility of
the DMO and Project Portfolio Steering. Project gate review is carried out at the portfolio level in the
beginning and end of the Initiation phase, and before and after the Rollout stage. These are the gates
at which project continuity and the Business Case are verified at the portfolio level. In addition to this,
projects report their status to Portfolio Steering, which has portfolio review meeting six to twelve
times per year.
Figure 5.2 Project Governance Model.
PAGE 87
5.3 Project and Development Management Business Process Development
5.3 Business Process Development

Process development is about improving an organizations way of working by identifying and creating
the most efficient processes that bring the best results. It has several goals: making more efficient use
of resources (time, money, raw materials, and work); improving the quality of products, services and
data; and serving the needs of the markets. The best-performing organizations strive for continuous
process improvement with the aid of Key User and Process Owner Networks.
Some organizations prefer to talk about business capabilities rather than processes. Business
Capability is a wider term and includes processes, applications, services (together with solutions) and
competence. For more information about Business Process Development, see Chapter 2, Enterprise
Development.
PAGE 88
5.4 Project and Development Management Pre-Study and Business Case
5.4 Pre-Study and Business Case

Before any idea can be classified as a project or a change, the opportunity needs to be examined in
more detail. The formalized ways to present the evaluation are the Business Case and the Pre-Study.
The Business Case is a calculation of the projects expected business benefits and assumed financial
costs, and it often includes a graphic illustration of the return on investment. The Business Case
analysis is necessary to make sure that the proposed project is economically viable. However, since
any scenario always includes uncertainties, the Pre-Study is used to give more detail and describe the
different opportunities. The Project Owner presents the business case to the Portfolio Steering Group,
which classifies and authorizes the project in addition to granting funding for the next Phase.
The Development Portfolio Steering Group can either reject or approve the project after considering
the Project Proposal, Business Case, financing and the projects impact and interdependency on other
projects. The execution method, priority and timing of projects are also decided based on this
assessment.
PAGE 89
5.5 Project and Development Management Planning and Commitment
5.5 Planning and Commitment

A decision to initiate a project is followed by a Conceptualization stage in which the Pre-Study is
turned into a feasible concept or business process. Business commitment is often gained during
workshops and when the concept is approved by the Project Steering Group. The concept is also the
basis for the Business Requirements used by the solution designers.
In the Initiation Phase, the project proposal is turned into a Project Plan. In order to create a project
plan, Project team and Steering Group must consider
the way the project is delivered (choose a methodology)
organizational readiness for the change
resourcing, costs and dependencies with other projects
risks and requirements for risk mitigation
must-have deliverables, which correlate with the classification
a realistic schedule based on all of the above
To enable efficient monitoring and management, the projects must-have deliverables are determined
and the acceptance criteria are agreed upon. Each project phase ends with a Gate Review Meeting, at
which the Business Case is validated, Deliverables are checked and future needs are evaluated.
Project Steering Meetings concentrate on the actual status of the project, while the Gate Review
Meetings assess the quality and validity of the project. Gate Review Meetings also give guidance and
manage the resourcing for the next Phase.
PAGE 90
5.5 Project and Development Management Planning and Commitment
Figure 5.5 The Dynamics of Project Meetings.
As a result of the planning process, the project cost estimate and organizational change predictions
become more accurate. The change estimates include role description changes as well as changes to
current processes and systems. The project receives appropriate follow-up metrics (KPIs) as well as
plans for communication and the management of quality and organizational change. While the
Conceptualization Gate 0 (G0), can be approved by Project Steering Group, the Planning Gate 1 (G1) is
further validated by Project Portfolio Steering. Portfolio Steering grants funding and determines
decision-making limits for the rest of the project based on all of the information available.
Recurring management tasks throughout the various phases of a project include change management
and communication, quality assurance, risk and readiness assessment, and architecture reviews.
PAGE 91
5.6 Project and Development Management Design, Development and Validation
5.6 Design, Development and Validation

The purpose of the Execution Phase is to design and develop a solution that meets business needs. In
this phase, the solution is designed by the developers and concept owners, developed according to
the design, and validated from the functional and end-user perspectives. The execution method
should be determined based on the complexity, restrictions and dependencies of the project.
However, Agile methodology should be favored, as it gives possibilities for fast reaction to changes,
enables better visibility on delivery and results in faster time-to-market.
The Design stage includes gathering the final list of Business Requirements, as well as ensuring the
design is in line with the Business Case and that it doesnt have functional or technical gaps. The
solution may be a new system or a new business process description, but development still follows
the same logical stages. While the solution is being built, the readiness of the organization is also
promoted by engaging people in decision-making, gathering feedback, and involving the full
organization in making the change happen.
The Development stage is equally important, as it is at this stage that organizational readiness is
finalized through continuous involvement. At the Development stage, the solution is built according
to the Design Specification. At the end of the phase, the solution is ready for testing. If the project is
managed with a waterfall methodology, the stages are executed in sequence. Agile projects consist of
sprints, each of which produces a deployable intermediate solution.
In the case of system development, the Validation stage is commonly divided into System and User
Acceptance Testing, where the solution is validated and training material is finalized. The execution
and reporting responsibility of User Acceptance Testing usually rests on the business. After the
validation phase, the system is ready for piloting in the production environment. From the business
continuity point of view, the transition to production is the most critical project phase, as it may
include retiring old solutions while rolling out the new one. This phase is critical also from the enduser point of view, as users need to adapt to new ways of working. During the execution phase, the
Project Steering Group must be aware of any changes in the Business Environment.
PAGE 92
5.6 Project and Development Management Design, Development and Validation
Figure 5.6 Agile Development with Gate-based Project Model.
Because projects are by nature in a continuous state of change, they have many more uncertainties
than continuous operations. The uncertainties are often followed by needs for change to which
professionally run projects apply well-defined methods. Costs resulting from project changes are
subject to the 1 10 100 rule, meaning that the cost will be multiplied, depending on whether the
change is made at the Planning (1 unit) or Development stage (10 units) or at Transition to production
(100 units). In large projects and multi-project programs the importance of managing risks,
requirements and resources increases; hence, the Business Case must be validated at each Gate.
PAGE 93
5.7 Project and Development Management Deployment and Training
5.7 Deployment and Training

The Deployment Phase includes Piloting and Rollout which include training of the stakeholder groups.
In this phase, the organizational change is brought to life and monitored closely by surveys, through
Key Performance Indicators (KPIs), and by gathering feedback from users. The aim of Piloting is to
make sure that everything works in production with real users, Master Data and integrations. Piloting
is done to increase readiness and to finalize the system before the full-scale Rollout. This Gate 5 is
usually approved by Portfolio Steering due to its importance for everyday Business Operations. If
Piloting is for some reason omitted (for example, due to the projects small impact on the business
organization), the previous stage, Gate 4 (Validation) may be escalated to the portfolio level.
Training and Rollout are phases at which the actual benefits from the project begin to materialize.
During Piloting, the projects deliverables are transferred to the Service Organization by integrating
them into continuous operations (see Service Management Stream). Preparations for this stage begin
already at the Planning stage to ensure that all parties have a common understanding of the solution,
its readiness, quality and organizational impact.
There are three approaches to Rollout, and all of these can also be combined.
Figure 5.7 Rollout Stage Methods.
PAGE 94
5.7 Project and Development Management Deployment and Training
After the Rollout, the project is closed. Project completion includes an evaluation of how well the
targets were met, approval of project deliverables, and documentation of any further development
ideas and unresolved issues. Deliverables and post-project service responsibilities and warranty
periods are recorded in the Service Handover Documentation. In addition to preparing the actual final
report, it is important to conduct a feedback survey across stakeholder groups as well as to document
the lessons learned and experiences gained during the project.
PAGE 95
5.8 Project and Development Management Business Benefits Realization
5.8 Business Benefits Realization

The Project Manager is responsible for project completion until the end of the Rollout stage. Some of
the Business Benefits may be achieved before this happens, but most usually they materialize at some
point in the future. For this reason, the Business Benefits Plan is one the most important deliverables
of the Rollout stage. Follow-up of the Realization is the responsibility of the DMO and Project Portfolio
Management.
After the project deliverables have been in use for a while, Business Benefit Tracking is conducted to
see if the originally targeted business benefits were realized; whether the project produced some
other value; and whether the investment was worthwhile. If necessary, a proposal for further
development can be made based on user experiences.
PAGE 96
5.9 Project and Development Management Focus Areas
5.9 Focus Areas

In Project and Development Management, the classification of development initiatives helps to select
the appropriate steering and execution model. The DMO is in charge of defining and maintaining this
classification scheme depending on the needs of the business environment. The Pre-Study phase with
the resulting project proposal and the first business case ideas give sufficient input to apply the
classification. The projects are then prioritized based on their value to the business and the
availability of resources.
The focus areas of Project Management vary greatly among IT organizations in companies of different
sizes. Establishing projects and creating a project culture are the top priorities in small companies.
Large corporations struggle with other challenges: the larger the company, the greater the number of
projects and, consequently, the greater the importance of processes and the effective management of
project resources.
Project management challenges also change when business impact increases. Projects that are
confined to a single unit are typically easier than projects spanning multiple units. Usually, larger
projects also require wide-ranging changes to corporate culture and tools. This puts additional
pressure on project managers. In such cases, the project organization must have participants also
from HR and communications.

Small Companies
In the IT organizations of small companies, the same individuals are typically responsible for both
continuous services and development activities. To avoid never-ending projects, the first priority of
Project Management is to turn strategic development tasks into projects.
When developing a project culture, it is important to establish the minimum standard of Project
Management. All projects must have well-defined targets, a project plan, an owner, a project manager
and a regular reporting practice. Furthermore, each project must have a clear end point that is
preceded by the integration of project deliverables into continuous operations. External expert help is
a way to ensure project success.
PAGE 97
As the size of a company and the number of stakeholders grows, so does the importance of project
business cases as well as proper prioritization and preparation.
When the operating environment expands, increasing attention must be paid to project steering,
execution and rollout. Moreover, the importance of well-established project management models
increases. In medium-sized companies, there are many projects ongoing at all times, requiring a
shared project management culture.
Large Companies
Large companies have numerous active projects running simultaneously, and their project culture is
well established. A Project or Development Management Office (PMO/DMO) is often set up to organize
project activities and to develop uniform project management models and practices.
Programs are prioritized and resourced with the help of a project portfolio to achieve the most
beneficial outcome for the companys business.
Due to the size and diversity of the operating environment, training and well-managed transitions to
production are of particular importance. All projects strive for maximal business value and common
operational models.

In very large companies, the focus of project management is on the effective management of project
resources. In addition to personnel, the project resource pool includes experts from external partners.
PAGE 98
Typically, very large companies have a dedicated function for managing project resources.
The management of business strategy takes place with the help of a project portfolio. The project
portfolio is a tool for management. The balance and maximal value of the project portfolio as well as
its alignment with business strategy are taken into account in decision-making.
Figure 5.9 The focus of Project Management changes with the size and complexity of the company.
The aim of projects is to deliver current or new practices, systems and services for the purpose of
achieving the targets defined in the companys business strategy or IT strategy.
In the absence of business demand and steering, justification for a project ceases to exist. Projects are
managed so that they achieve the specified goals on schedule, within budget and with the required
level of quality.
PAGE 99
PAGE 100
6.1 Service Management Overview
6.1 Overview
Digitalization impacts on Service Management, adds speed and agility to reliability and scalability as
the key business drivers. This can sometimes result in favoring cloud-based applications that require
no IT management at all. This approach, however, does not take into account that there is a need for
integration and compliance with corporate data and security policies. The role of Service
Management is to address the business needs and be able to combine agility with reliability.
Figure 6.1.1 Service is more than what you see.

One of the most important tasks of IT is to provide services that efficiently support the business. There
is a direct link between the quality of IT services and business efficiency, since more and more
business processes are supported by IT services. The production of services typically forms up to
7090% of total IT spending in a company. The quality of IT services is a business enabler that helps
the business to achieve its targets, lower its costs and increase competitiveness.
Service Management is a set of processes, competence and tools to align the delivery of services with
the needs of the enterprise. The primary objective of Service Management is to offer business-aligned
services that ensure efficient and uninterrupted business operations. This requires a reliable and well-
PAGE 101
documented service environment, efficient operational models, strict compliance with governance
processes, as well as adequate skills and capabilities.
The services offered by IT must conform to the continuously changing requirements and needs of the
business. Service Management is responsible for the continuous improvement and development of
services, while, at the same time, it needs to constantly manage and monitor performance in order to
ensure the business purpose fit and quality of services.
Service Management consists of the following key functions:
Service Portfolio Management
Enterprise Information Management
Service Development and Design
Service Integration and Quality
Service Transition and Operations
Self-Service and Automation
Key Objectives of Service Management

Continuous development of services with effective utilization of digital opportunities and
service automation.
Ensure service continuity for business operations.
Produce the agreed services cost-efficiently and according to the service promise.
Service Management Roles and Competence Requirements

The person(s) responsible for Service Management should have adequate technical knowledge
combined with good communication skills, business understanding, and a genuinely service-oriented
mindset.
PAGE 102
Figure 6.1.2 Service Management.
Service Management consists of two main elements: service development and service operations (see
the picture above). Service Owners have an end-to-end responsibility for the services. They have a
good understanding of business needs and are in charge of developing and maintaining the service
development roadmap. Service Owners define the required service levels in operations and ensure
operational performance. Service Manager is a very common role name and is used to describe
various functions, but typically it refers to service ownership at lower levels. A Service Manager is
responsible for developing services and plays a key role in projects as well as product releases. The
primary objective of the Service Manager is to provide better services at a lower cost.
The quality of operations is assured by the Service Management Office (SMO), staffed by Service
Integration Managers. The SMO together with the Service Desk executes Service Integration and
Management (SIAM) over all services. The Service Desk is the front-end taking care of users, while SMO
is the back-end function taking care of suppliers and processes.
PAGE 103
Business steering is organized into two functions: Service Portfolio Steering is the highest-level service
governance body responsible for approval of major development initiatives, while the Change
Advisory Board (CAB) governs changes. The Service Owners, supervised by the Head of Services, are
responsible for managing the Service Portfolio and for maintaining the service roadmaps for Service
Portfolio Steering. The Chairperson of Service Portfolio Steering should be an executive-level business
representative. The Change Advisory Board supports the Change Manager, a role within SMO, in the
assessment, prioritization and scheduling of changes. The CAB includes representatives from
business, IT and supplier organizations. Business is typically represented by Key Users.
Key Roles in Service Management

Head of Services
Service Owner
Service Manager (generic role name, typically the lowest level of service ownership)
Service Integration Manager
Service Desk Agent
Steering Functions in Service Management

Service Portfolio Steering
Change Advisory Board (CAB)
Service Management Office (SMO)
Service Desk (SD)
Service Management Functions

Service Management is divided into distinct functions, each of which is composed of specific
processes and tasks. The figure below, Five Elements of Service Management, presents the logical
relationship between different Service Management functions. The upper layer, Service Portfolio,
follows the overall service lifecycle and has control over both the development and operation sides of
Service Management. Service Integration constantly manages and monitors the performance of
services over multiple Service Providers, while at the same time ensuring that the service
development initiatives introduced by Service Development and Design are compliant with
operations standards. The bottom layer, Self-Service and Automation, enables the management of
services and related transactions for all functions of Service Management.
PAGE 104
Figure 6.1.3 The Five Elements of Service Management.
Service Management consists of the following seven functions:

Service Portfolio Management (Enterprise Development)
Enterprise Information Management (Enterprise Development)
Service Development and Design
Service Integration and Quality
Service Transition and Operational Readiness
Service Operation and Support
Self-Service and Automation
PAGE 105
6.2 Service Management Service Portfolio Management
6.2 Service Portfolio Management

Service Portfolio defines a model of how services are managed throughout their lifecycle. The Service
Portfolio includes all services at any phase of their lifecycle. Service Portfolio Management is
discussed in more detail in Chapter 2, Enterprise Development.
PAGE 106
6.3 Service Management Enterprise Information Management
6.3 Enterprise Information Management

Comprehensive and continuous Enterprise Information Management ensures usability and the
integrity of essential data for the companys processes, operations and reporting. The goal is a
procedure to keep information up-to-date and valuable for the business. Enterprise Information
Management is discussed in more detail in Chapter 2, Enterprise Development.
PAGE 107
6.4 Service Management Service Development and Design
6.4 Service Development and Design

Service Development is responsible for introducing new services and service development initiatives
for the Business. It takes impulses from business projects, concept development, key users and
service integration, and carries out the development efforts either as projects or changes.
Figure 6.4.1 Model for Service Development.
PAGE 108
Service Design is defined with the help of the Service Architecture. It is composed of four elements:
Service Catalog
Service Roadmap
Service Delivery Model
Service Structure
The Service Architecture should be as clear and simple as possible. Together with professional
sourcing of services and a business-value driven implementation of a unified Service Roadmap,
Service Architecture helps achieve an optimal service structure.
Figure 6.4.2 Service Architecture.
PAGE 109
Service Architecture has a significant role in aligning processes and systems as well as in enabling
purposeful service development and lifecycle management. Key Service Providers should be
committed to and included in the development of the Service Architecture.
The Service Architecture (SA) is managed by Service Owners. Each Service Owner is responsible for a
Service Domain or a specific service. Typically organizations have five to ten Service Domains such as
the following:
Sales and Marketing Solutions
Production and Supply Chain Solutions
R&D and Engineering Solutions
Business Support Solutions
End User Services, i.e. Workstation and Collaboration Services
Infrastructure Services, i.e. Capacity and Connectivity Services
The Service Catalog is a definition of services provided by company IT. It makes IT services more
understandable and concrete, and is in fact the basis for developing, organizing, delivering and
improving IT management. In addition, it creates a link between business and IT by explaining which
services are available, and what components each of these services encompass. The Service catalog
helps demonstrate the service focus of IT and the produced value for business.
The Service Delivery model is defined in cooperation with Sourcing. Possible delivery models for
continuous services include near or offshoring and cloud services. The service delivery model should
decide if, and which, services are sourced, and which Service Providers are preferred. It should also
define whether services are purchased as end-to-end services, as separate service components, or by
building so-called service towers (stack of services) that utilize the most suitable supplier for each
service area. The size and operational model of a company will, to a large extent, define the best
delivery model.
The Service Roadmap is a plan for developing a service or Service Domain with information on the
scope, schedule, costs and business benefits of each of the initiatives. Each development initiative is
carried out as a project, service release or change.
The Service Structure includes definitions of the logical structure of the service, service relations and
responsibilities. Service Structure defines the highest-level elements of the Configuration
Management Database (CMDB).
PAGE 110
6.5 Service Management Service Integration and Quality
6.5 Service Integration and Quality

Service Integration and Quality is responsible for constantly managing and monitoring the
performance of services. Service Integration and Management (SIAM) or, in short, Service Integration,
is a framework designed to provide unified and integrated services and a harmonized user experience
in a multi-sourced service environment. Service Integration is a process-driven function and is largely
based on the globally adopted ITIL framework.
SIAM processes are managed by Service Integration Managers. While Service Owners take care of the
development, and have the overall responsibility of the services, Service Integration Managers are
responsible for controlling service operations. Both Service Owners and Service Integration Managers
cooperate with Service Delivery Managers, who are responsible for service delivery. As many services
are often sourced, Service Delivery Managers can typically represent Service Providers.
Most SIAM processes are typically taken care of by the SMO. These processes deal with the operative
management of services and are split into six process areas:
SIAM Compliance
Catalog & SLA Management
Core Process Management
Security Assurance
Continuity Management
Change Management
PAGE 111
6.5 Service Management Service Integration and Quality
Figure 6.5 The Service Management Office (SMO) manages SIAM processes with the Service Desk.
PAGE 112
6.6 Service Management Service Transition and Operational Readiness
6.6 Service Transition and Operational Readiness

Service Transition builds the readiness for efficient service operation and for keeping the service
promise. These capabilities consist of processes, expertise, systems, documentation and data.
A controlled rollout of a service requires careful planning, efficient communications and training. The
rollout of systems, services, and project deliverables should all be part of a controlled process to
ensure information security and service continuity for the business.
Service Transition needs to consider the different phases of the rollout for a service or a process as
well as the possibility for automation. In case of unexpected situations, the possibility of rollback to a
previous state must be ensured during all rollouts.
PAGE 113
6.7 Service Management Service Operation and Support
6.7 Service Operation and Support

Service Operation and Support organizes the delivery of services and adequate support for the service
users. Service Providers are responsible for professional service delivery: they are also responsible for
managing their service delivery so that all services form an integrated entity with shared Key
Performance Indicators (KPIs).
Overall service delivery is overseen by the Service Delivery Manager. Service delivery activities are
managed by cross-functional operative and line roles, and executed by Specialists with different
expertise areas.
The Service Desk is responsible for day-to-day service requests and incident resolution. Service
delivery and operations management are conducted according to their respective ITIL processes. The
task of Service Operation is to ensure the efficient delivery of services without interruptions. The
business and IT define the target service levels for each service by a Service Level Agreement (SLA),
which is the reference for Service Operation.
It is essential to understand the division of services into Business Solutions, End User Services and
Infrastructure Services. Business Solutions include, for example, application services that enable
business processes, such as ERP and financial management.
End User Services include the concrete services provided for employees. These include at least the
service desk, workstation services and collaboration tools. Infrastructure Services include, for
example, data communication and capacity services. Outsourced service operations enable costefficient operations and effective management of business risks, but also set higher requirements on
the companys IT management skills, documentation and communication.
PAGE 114
6.8 Service Management Self Service and Automation
6.8 Self Service and Automation

An enterprise should aim to automate IT services as widely as possible. Increased automation will
spare resources and enable self-service independently of time and place. This can be done efficiently
via a Service Management Platform.
The Service Management Platform enables the management of services and related transactions. The
platform enables process automation and the implementation of a self-service portal for end users.
The Service Management Platform includes a Configuration Management Database (CMDB) as a
repository for configuration items as well as their relations and attributes.
The Service Management Platform binds together all the elements of Service Management. It includes
management tools for Service Offering, Development Roadmaps, Projects and Resources, and
contains the CMDB to manage the Service Architecture and its development. It includes the Service
Portfolio and Dashboards for Service Portfolio Steering. It provides ITIL process support, Catalogs,
Workflow Management and Integration to support all SIAM Processes.
Large companies typically buy and customize their own IT Service Management (ITSM) systems,
whereas small companies rely on standardized services from ITSM vendors and independent service
providers.
PAGE 115
6.8 Service Management Self Service and Automation
Figure 6.8 Self-Service and automation are enabled by Service Management.
PAGE 116
6.9 Service Management Focus Areas
6.9 Focus Areas

Service Management Focus areas
In recent years, the methods and tools for Service Management have progressed dramatically.
Whereas the development has so far been mainly from the standpoint of IT and driven by IT, future
efforts will increasingly focus on the development of Service Management from the standpoint of
Business, which is the customer. This trend will allow IT and Business to operate in closer
cooperation, enabling better identification of solutions that support Business and shorten the
response time of IT.
The continuously changing external operating environment, cost pressure and personnel turnover
create challenges for Service Management in all companies regardless of their size or line of business.
Although every company is unique, companies of equal size generally face similar problems.

Small Companies
IT in small companies is generally operated by only a few people. This requires focus on documenting
the operating environment and applications, and on facilitating knowledge sharing. In order to avoid
excessive dependency on a few individuals, small companies can buy basic IT as a service.
A geographically decentralized company must implement a clearly defined Service Management
model that defines roles, responsibilities and processes across business operations. As the basic
corporate infrastructure of companies of this size is usually partly outsourced, effective service
production and planning of services is impossible without uniform operating models. The need for
systematic and well-organized vendor management, monitoring of service levels and effective
incident control increases as the operating environment becomes more complex.
PAGE 117
Large Companies
Large companies must make a conscious decision whether to centralize or decentralize their service
operation. A successful requirement assessment and the mobilization of services together with
business operations are only possible when using productized services. The service requirement
assessment and rollout must consider the laws and practices of different countries while also taking
into account the multi-vendor environment. In addition, the importance of service ownership
increases: a single person cannot assume the responsibility for the entire service portfolio of a large
company. The implementation of the SIAM concept enables efficient operations in a multi-vendor
environment.

Net sales category 10 000 M, operates globally
Globally operating companies must be able to manage acquisitions and divestments as well as the
shift of operations to low-cost countries. While the centralized management of applications enables
cost savings, it also creates challenges in terms of resourcing, communication and user support.
Moreover, operating with global service and hardware vendors creates additional requirements for
Sourcing. The implementation of the SIAM concept enables efficient operations in a multi-vendor
environment.
PAGE 118
Figure 6.9 The focus of Service Management changes with the size and complexity of the company.
The primary objective of Service Management is to ensure uninterrupted business operations. IT

cooperates with internal and/or eternal services providers to provide the Business with services in
accordance with service contracts. Sustainable planning and development of services enables IT to
ensure continuity when business needs change.
PAGE 119
PAGE 120
7.1 Tools & Standards IT Standard Deployment
7.1 IT Standard Deployment

IT Standard can be implemented in various ways depending on the companys maturity and level of
competence needed to deploy the work according to the guidelines. A company can take full
advantage of IT Standard to run their business, however, they first need to have an understanding of
the wanted changes and the focus areas for improvement. The deployment of IT Standard consists of
several steps that are described in this figure.
Figure 7.1 Deployment Plan
Maturity Analysis
IT Standard maturity analysis is a way to assess the current state of a companys IT operations and to
determine the areas that need improvement. It consists of performing assessments based on the
CMMI (Capability Maturity Model Integration) scale for each IT function within the company.
PAGE 121
The maturity analysis can be done through six levels of development ranging from completely
unorganized, impulsive ad hoc processes to the highest level of well-managed and orderly, systematic
operations. It is performed as a self-assessment. Each assessed IT function gets a score according to
the maturity level it best corresponds to.
PAGE 122
Score
Description
The task is
quantitatively
managed. The causes
for deviations are
clarified and the
development of taskrelated processes is
continuous and
innovative.
The task is managed

and controlled using
defined indicators.
The task has been

implemented, is welldefined and
measurable.
The task is planned but

no controlled
implementation has
occurred.
The task is unplanned.

It is performed but
practices are lacking.
The task is unidentified.

It is performed
incidentally, at best.
Maturity Levels
Each different IT function gets a score according to the maturity level scale. In the basic framework
illustration of IT Standard, also known as the grid, there are altogether 28 functions. The maturity
assessment helps to determine the current level of maturity in a certain function and to set the target
levels. Based on the results the company can better decide where to focus the development efforts.
The company will also learn a general opinion about its IT maturity and if there are gaps in
communication. In addition, it gives the awareness whether the business view and the IT views are
aligned as well as the possibility to benchmark the companys IT maturity against others in the
industry.
PAGE 123
The deployment of the IT Standard should be as pragmatic as possible. Proceeding in phases, the
deployment process begins with an effort to understand what is essential and what will be the focus of
improvement. Only after this the improvement measures are identified and setup as projects.
PAGE 124
7.2 Tools & Standards International IT Management Models and Standards
7.2 International IT Management Models and Standards

This chapter briefly describes the international IT management models and standards applied in the
development of the IT Standard.
ITIL
CMMI
COBIT
PMBOK
PRINCE2
ISO/IEC 20000
ISO/IEC 38500
TOGAF
ITIL
ITIL, formerly known as Information Technology Infrastructure Library, is a set of guidelines and best
practices for IT service management (ITSM). It is a registered trade mark of AXELOS Limited. ITIL
focuses on aligning IT services to the needs of business and supports its core processes. It is
structured and published in five core volumes: Service Strategy, Service Design, Service Transition,
Service Operation and Continual Service Improvement.
The framework that ITIL provides can be adapted and applied to all business and organizational
environments. It includes guidance for identifying, planning, delivering, and supporting IT services.
When successfully adopted, ITIL can help improve services, which in turn can mitigate business risks
and service disruption, improve customer relationship, and establish cost-effective systems for
managing demands for services.
CMMI
CMMI, Capability Maturity Model Integration, is an internationally known reference model
developed through best practices that provide guidance for improving processes that meet the
business goals of an organization. It was developed by industry experts, governments, and the
Software Engineering Institute (SEI).
PAGE 125
CMMI improves processes for an organization to show measurable benefits for their business
objectives and vision. An organization can organize and prioritize its methodologies, people, and
business activities through the framework provided by CMMI. The framework supports coordination
of multi-disciplinary activities and systematic thinking.
COBIT
COBIT 5 (launched in 2012), The Control Objectives for Information and Related Technology, is owned
and supported by ISACA. It was originally released in 1996 as COBIT. The current version 5.0 consist of
COBIT 4.1, VAL IT 2.0, and Risk IT frameworks.
COBIT 5 helps to create optimal value using IT by maintaining a balance among benefit realization,
risk optimization, and resource usage. The framework covers both business and IT units in the whole
organisation. It provides metrics and maturity models to measure whether or not the IT organization
has achieved its objectives. In addition, it also balances the needs of internal and external
stakeholders.
PMBOK
PMBOK, a Guide to the Project Management Body of Knowledge, is a guide to the internationally
recognized project management methods by the Project Management Institute (PMI). PMBOK is a
standard that is widely accepted and acknowledged as basis for most project management methods.
PMBOK provides an in-depth description of the required content and fundamentals of a project, but
does not focus on giving hands-on implementation advice. Practical guidance is offered by other
models such as PRINCE2. It is based on five basic processes: Initiating, Planning, Executing,
Controlling and Monitoring, and Closing.
PRINCE2
PRINCE2, Projects IN a Controlled Environment, is a de facto standard project management method
owned by the UK Cabinet Office. PRINCE2 complements the PMBOK model by providing a process-
PAGE 126
based and practical guidance with ready-to-use templates for Project Managers and Project Steering
Groups in the different phases of a project. PRINCE2 ensures greater control of resources and effective
management of business and project risks.
For example, the seven principles of PRINCE2 state how a project should be run throughout its lifecycle: a project must have a business justification, clearly defined roles and responsibilities in all
phases and processes, managed by stages to provide detailed and timely planning, defined tolerances
for management by exception, product focused delivery where project methods are tailored to fit this
particular projects needs, and learning from experience to continuously improve organizations
project culture.
ISO/IEC 20000
ISO/IEC 20000 is a service management system (SMS) and the first international standard for IT service
management. It is owned by The International Organization for Standardization (ISO) and the
International Electrotechnical Commission (IEC). It is broadly aligned with ITIL.
The ISO/IEC 20000 has two parts. The first part defines the formal requirements for high-quality
production of IT services to the business. IT includes criteria for planning, service management, and
service production as well as for customer / supplier management. The second part describes the
processes of service production largely in the same way as the ITIL processes while focusing, however,
more closely on customer/supplier management processes.
ISO/IEC 38500
ISO/IEC 38500 is a standard providing general principles on the role and IT governance of
management with business responsibility (for example, Board of Directors and Management Team). It
can be widely applied to all kinds and sizes of organizations for example public and private companies
and non-profit organizations.
The standard supports business management in their supervision of the IT organization and helps
them ensure that IT has a positive impact on the companys performance. The standard consist of six
principles:
PAGE 127
1. Responsibility
2. Strategy
3. Acquisition
4. Performance
5. Conformance
6. Human behaviour
Adherence to the ISO/IEC 38500 standard can assure management of conformance with good
governance
TOGAF
TOGAF is an Open Group Standard enterprise architecture framework that allows organizations to
have a structured approach for governing the implementation of technology, in particular the
software technology design, development, and maintenance. It was first published in 1995 and was
based on the US Department of Defence Technical Architecture Framework for Information
Management (TAFIM). It has been since developed by The Open Group Architecture Forum and
released in regular intervals on the Open Group public website.
TOGAF improves business efficiency by ensuring consistent methods, communication, and efficient
usage of resources. It ensures industry credibility with a common language among enterprise
architecture professionals.
PAGE 128
PAGE 129
8.1 Summary Summary
8.1 Summary
The IT Standard for Business is a hands-on IT management framework for companies and
organizations of all kinds. The IT Standard employs the best international industry practices, while
providing a more comprehensive and practical approach to business-oriented management. The IT
Standard is written in everyday language and benefits business executives as much as IT
professionals.
Digitalization changes how organizations relate to their customers, master products and services, do
preventive maintenance and add totally new functions and features to their existing offerings. Thus it
is a central part of operations, which in turn affects the way strategic decisions are made. In this
version of the IT Standard, digitalization is considered in every stream.
The IT Standard consists of five streams covering the operation of the entire IT organization:
Enterprise Development
Strategy and Governance
Sourcing and Supplier Management
Project and Development Management
Service Management
Enterprise Development integrates the different streams and links IT management to management of
the companys business. Each stream is introduced and contains the significance and objectives, the
required roles and competence, and the functions and purposes. For each stream, its nominal weight
in companies of different sizes is discussed.
The main points of the IT Standard can be summarized as follows:
Digitalization strategy and initiatives need a driver and control mechanism for the companys
IT operations and their development which can be found in Enterprise Development. It is
imperative to gain commitment from Business and IT for common objectives. There is also a
need for business processes and concepts, decisions on development priorities and
investments to ensure business continuity.
The IT function needs governance in order to ensure that the IT strategy, the operating model
and competence support the achievement of corporate objectives. Furthermore, IT costs need
to be well-managed and allocated appropriately, fairly and transparently.
PAGE 130
8.1 Summary Summary
New trends such as consumerism and virtualization emerge due to digitalization. Companies
need to ensure business fit and cost-efficiency of services through efficient sourcing. There is a
need to actively maintain quality and cost levels, for a strong negotiating position and market
price awareness.
Many organizations have more and more development initiatives which are scoped beyond
projects and therefore need a Development Management Office because Project Management
Office oversees mainly just projects. Development Portfolio Steering has the mandate to
approve or reject the classified and prioritized development initiatives.
The impact of digitalization to business include adding speed and agility to reliability and
scalability. Additionally, there is a need to consider integration and compliance with corporate
data and security policies. One of the most important tasks of IT is to provide services that
efficiently support the business. There is a direct link between the quality of IT services and
business efficiency, since more and more business processes are supported by IT services.
The deployment of IT Standard is executed in iterative steps. The process starts with a maturity
assessment that is performed for all functions described in the IT Standard. The assessment is used to
identify the needs for development and for fixing them one by one according to their level of urgency.
When IT is managed in accordance with the IT Standard, companies can ensure business continuity. It
is capable of informing businesses of new opportunities and innovations made possible by advanced
information technology systems. By following the IT Standard, risks and challenges brought forth by
digitalization can be mitigated. The IT Standard give basis for improved profitability and costefficiency of the company and creates the foundation for growth with the help of scalable solutions.
More importantly, the joint development of the IT Standard guarantees a company with best practices
from the various industries.
PAGE 131
8.1 Summary Summary
PAGE 132
8.1 Summary Summary
Powered by TCPDF (www.tcpdf.org)
PAGE 133

It Standard For Business

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

It Standard For Business

Hochgeladen von

Copyright:

Verfügbare Formate

www.itforbusiness.

Focus Areas ................................................................................................................................................. 97

Service Management................................................................................................................................ 100

1.1 IT Standard for Business Preface