Before we dive into the caselets, there is a core set of information applied to each caselet which guides a potential “solution.” We call this framework the Five Anchors and it revolves around a series of 15 questions in five key areas. These questions (numbered below) allow you to focus on fundamental management areas from an enterprise perspective. Each question is further expanded in the bullets. The breadth of these questions allow the user to look “full scope” rather than risking a constrained focus (e.g. the stereotypic knee-jerk reaction towards technology solutions).
What are the business strategy, goals and objectives? What are the measures that demonstrate the achievement of the business strategy, goals and objectives?
This information should be gathered before any improvement initiative begins so the solution to the issue is based on business need. Additionally, measures (CSFs, KPIs) should be defined, understood and deployed at this point in order to create the necessary baseline to show improvements.
What is the business issue or activity at risk?
Is a vital business function at risk, is it a new market activity, or is there a high degree of urgency and/or impact (priority)?
Is the ownership to resolve the situation (caselet scenario) at the appropriate level of authority?
The solution set or current situation should be addressed by an accountable named role, therefore, is that role the decision-authority?
Has there been a compromise of the information security policy?
Review the confidentiality, integrity and accessibility of information resources and ensure the business issue has not breached the approved and/or agreed information security policy (protect business interest).
What are the internal and external compliance or regulatory concerns?
Apply an appropriate balance among the relevant regulatory, statutory and contractual obligations to ensure business outcomes are met (performance and conformance).
What is the cultural appetite for risk?
Define and agree with key stakeholders the organizational risk tolerance, understanding that risk tolerance may differ among departments, services, entities, etc.
Does the current portfolio meet expectations and needs of the stakeholder?
Does the service provider have the necessary resources and capabilities to create the necessary level of customer satisfaction (business outcomes, preferences and perceptions)?
What is the value of that business activity (VBF)?
Use the outcome of a Business Impact Analysis (BIA), SWOT analysis (Strengths, Weaknesses, Opportunities, Threats), PESTEL analysis (Political, Economic, Social, Technological, Environmental, Legal), etc., to understand the impact of the situation and classify appropriately. If we understand the value and impact of the activity in terms of the business need, we can deploy the correct resources and capability.
Does the portfolio have the right mix of resources to deliver business benefit?
Link portfolio resources to the defined IT and business strategies to ensure ROI/VOI. This entails balancing the appropriate investment mix which links current strategies to financial resources.
Will the current architecture effectively resolve the situation? Is it feasible?
Define the current architectural layers (i.e. business process, information, data, application, technology) and are those layers feasible to support the current situation?
Can the current architecture accommodate the situation?
Is the current architecture flexible, scalable, available, reliable, resilient, usable, maintainable, secure, affordable, etc.?
Do we have the necessary competencies to design the required change(s)?
Do current staff, internal or consultants, have the necessary skills, knowledge, information and experience or expertise to meet the design requirements?
What resources are required to resolve the situation (e.g. people, capital, technical…)?
Begin the planning process and list all potential resources to resolve the situation – think from an idyllic perspective and then let organizational constraints filter that list to an acceptable solution set.
Can the required resources be acquired?
Evaluate current resource capability toward meeting desired objectives versus a procured external solution (“build vs. buy”).
Is the necessary data and information available, collected and managed to resolve the current situation and prevent future occurrence?
Is information managed from creation to retirement?
In the following chapters, we present five unique caselets that represent common issues in the following general areas:
In each of the caselets, we have applied the Five Anchors and documented our thoughts based on the caselet around each anchor. If appropriate, we have listed sections from COBIT5, ISO/IEC 20000 and ITIL that would support or clarify the situation. We have used section numbers only for clarity – major section numbers have been provided in tables in the preceding chapters. Lastly, based on the analysis, we have applied one of the improvement models and defined the key steps required for successful resolution.