Mapping CobiT to the IS Rating Tool This document provides a first overview of the mapping PO1, PO2 of CobiT(*) (Plan and Organize) to the IS Rating Tool and the Agility Chain Management System (ACMS). A further and more detailed mapping will be established within 2010, when the official release of the IS Rating Tool is available (planned for the end of June 2010). All remarks and suggestions about this first analysis are welcome by email or through our Linkedin Group.
Quote from CobiT 4.1 PO1.1 IT Value Management “IT process should provide effective and efficient delivery of the IT components of programmes and early warning of any derivations from plan, including cost, schedule or functionality that might impact the expected outcomes of the programmes. IT should be executed against equitable and enforceable service level agreement (SLAs)”.
ACMS contributions With the ACMS foundation, the outcomes are defined through the business added-values stemming from three Business Repositories: Data, Rules and Processes. These repositories are established with help from three IT components: Master Data Management (MDM), Business Rules Management System (BRMS) and Business Process Management (BPM). These IT components provide Business Users and Stakeholders with easy to use governance features to drive (author, test, deploy...) their data, rules and processes.
The achievement of the ACMS enhances agility, auditability, traceability and removes usual rigidity and opacity of IS.
The usual lack of IS transparency is mainly the result of a too hard-coded implementation of IS Assets (Master Data, Business Rules and Processes) at the expense of Business Users and Stakeholders involvements.
The ACMS enforces Business Repositories through the linking value brought by the linking of these repositories in a timely way, following a natural path: first governing Data, second governing Rules and then governing Processes.
Therefore, IT Components identification, as required by this CobiT PO1.1 process, are as follows: MDM (Master Data Management), BRMS (Business Rules Management System) and BPM (Business Process Management).
IS Rating Tool contributions The IS Rating Tool is used to establish priorities of IT investments related to business governance of Data, Rules and Processes. The rating highlights the performance levels of the value management of each IS Assets based on Data, Rules and Processes. The more these IS Assets are hard-coded within opaque software, the less an equitable and enforceable service level agreement with Business Users and Stakeholders is guaranteed.
The IS Rating Tool takes into consideration the linking value of IS Assets. In other words, the measurement of the sole Processes Repository is not relevant when missing the rating of Business Rules. Moreover, the measurement of the sole Business Rules is not sufficient when missing the rating of Reference and Master Data. Indeed, Processes are based on Business Rules, and these latter are based on Reference and Master Data. The linking value of this chain allows for targeting a full IS Assets assessment.
Quote from CobiT 4.1 PO1.2 Business IT Alignment “Establish processes of bi-directional education and reciprocal involvement in strategic planning to achieve business and IT alignment and integration. Mediate between business and IT imperatives so priorities can be mutually agreed”.
ACMS contributions The achievement of business and IT alignment is reinforced with help from the three Business Repositories: Data Repository, Rules Repository and Processes Repository.
Each Repository provides business users with governance features such as querying, authoring, testing, version management, history, archiving... of their Data, Rules and Processes. Education and reciprocal involvement between IT and Business is easier when using concrete governance features, such as brought by the ACMS.
The ACMS fits perfectly also when using software packages such as ERP, CRM, Supply Chain, etc. In this scenario, all Master Data elements are located to the MDM, all Processes are located to the BPM and all business rules customizations are located to the BRMS. When time has come to integrate a new software package release, it is easier to drive it since all customizations and key IS Assets are located outside the software package.
With help from the ACMS, the Business IT Alignment is enforced in a sustainable way, not only when defining requirements at the beginning of projects or when establishing annual strategic IT plans. ACMS brings a daily basis Business IT Alignment.
IS Rating Tool contributions A subset of the IS Rating is used to support a bi-directional communication and involvement of Business Users and IT specialists around the ACMS foundation.
The consolidated rates obtained for each IS Assets (Data, Rules and Processes) highlights three performances levels: Data Assessment: - Mastering Data Knowledge - Mastering Data Governance - Mastering IT approach to manage Data Rules Assessment: - Mastering Rules Knowledge - Mastering Rules Governance - Mastering IT approach to manage Rules Processes Assessment: - Mastering Processes Knowledge - Mastering Processes Governance - Mastering IT approach to manage Processes
As an open source rating tool, companies can publish their lessons learnt and share feedbacks to benefit from benchmarking(*).
(*) Anonymous publication via the Sustainable IT Architecture’s website.
Quote from CobiT 4.1 PO1.3 Assessment of Current Capability and Performance “Assess the current capability and performance of solution and service delivery to establish a baseline against which future requirements can be compared."
ACMS contributions Companies must establish an assessment of the level of hard-coding within their existing systems and created when deploying new ones.
Hard-coding defintion, quote from Wikipedia: "Considered an anti-pattern, hard coding requires the program's source code to be changed any time the input data or desired format changes, when it might be more convenient to the end user to change the detail by some means outside the program."
Most of the time, the current Capability and Performance of existing IS strongly depend on the level of hard-coding applied to Data, Rules and Processes. All stakeholders should be aware of this significant trouble. The ACMS tackles this concern by implementing IS Assets with help from Business Repositories (MDM, BRMS, BPM) connected together to benefit from an additional business linking value.
IS Rating Tool contributions The IS Rating Tool brings a full assessment of the current capability and performance regarding the Business Repositories management, as stated by the ACMS.
With help from this assessment it becomes easier to establish priority with business users such as business objectives, IS governance features requirements, staging of deployment, etc.
Quote from CobiT 4.1 PO1.4 IT Strategic Plan “Create a strategic plan that defines, in co-operation with relevant stakeholders, how IT goals will contribute to enterprise’s strategic objectives and related costs and risks. It should include how IT will support IT-enabled investment programmes, IT services, and IT assets."
ACMS contributions The funding of the ACMS is based on several lines of investments following a step-by-step deployment. The natural path is to start with the Data Repository (MDM) and then linked it to the Rules Repository in a progressive way (BRMS). Then, the Processes Repository is added as it relies on Rules and Data. Obviously, the MDM Repository mustn’t be deployed at the whole scale of the company before deploying the Rules Repository (BRMS), and then the Processes Repository (BPM).
Usual lines of investments can be easily identified and detailed: modeling works, business training (governance features), IT support, software licenses.
With the ACMS, IT goals are easily connected to enterprise's strategic objectives since Business Repositories provide Stakeholders with governance features of their IS Assets. All requirements in the field of risks management(*), data quality, regulatory compliance, security, agility and transparency are targeted by the ACMS foundation.
(*) including a Business Alerts Management system applied on Business Repositories directly. Then, it becomes easier to oversee all IS Assets by authoring events and business rules over Data, Rules and Processes.
IS Rating Tool contributions The IS Rating Tool provides a support to define how objectives will be met, for example about the data modeling domain needed to deploy the Data Repository. Through the check-list provided by the IS Rating Tool for each IS Assets (Data, Rules, Processes) it becomes easier to check investments needed and risks associated in terms of Mastering Knowledge, Mastering Governance features, and Mastering IT.
CobiT - PO2 Define the Information Architecture
Quote from CobiT 4.1 PO2.1 Enterprise InformationArchitecture Model “Establish and maintain an enterprise information model to enable applications development and decision-supporting activities, consistent with IT plans as described in PO1. The model should facilitate the optimal creation, use and sharing of information by the business in a way that maintains integrity and is flexible, functional, cost-effective, timely, secure and resilient to failure.”
ACMS contributions The answer by ACMS is based on the Common Information Model (CIM) approach. CIM is a semantic data model defined and maintained at the whole scale of the company, over physical databases boundaries. This deliverable is quite difficult to achieve. Then to support this work, Sustainable IT Architecture defines a step by step approach to deliver and enhance the CIM. To get further information about the modeling procedures applied here, please jump to our sister community MDM Alliance Group (MAG). The MAG provides open source modeling procedures in the field of enterprise data models, including Master Data Management issues.
Following this CobiT process PO2.1 statement, the ACMS foundation is first of all based on Data, managed as a real IS Asset at the whole scale of the company.
IS Rating Tool contributions This PO2.1 "Enterprise Information Architecture Model" defined by CobiT is fully covered by the Data Assessment of the IS Rating Tool, part “Mastering Data Knowledge”. It provides enterprises with a detailed check-list used to deploy their Enterprise Data model at the whole scale of the organization.
Using the IS Rating Tool, companies can gauge their performance levels in the field of Enterprise Data Architecture, in other words they can evaluate their ability to deliver an Enterprise Information Architecture Model as stated by CobiT PO2.1.
Quote from CobiT 4.1 PO2.2 Enterprise Data Dictionary and Data Syntax Rules “Maintain an enterprise data dictionary that incorporates the organisation’s data syntax rules. This dictionary should enable the sharing of data elements amongst applications and systems, promote a common understanding of data amongst IT and business users, and prevent incompatible data elements from being created.”
ACMS contributions The CIM approach (see above) relies on an Enterprise Data Dictionary embodied through the Master Data Management (MDM), in other words within the Data Repository directly.
IS Rating Tool contributions The IS Rating Tool measures the performance level of Data Dictionaries including referential integrity constrains spanning Business Objects regardless of physical databases boundaries, in other words it also gauges the managempent of semantic dependency links . It also takes into consideration the linking value between Data, Business Rules and Processes
Quote from CobiT 4.1 PO2.3 Data Classification Scheme "Establish a classification scheme that applies throughout the enterprise, based on the criticality and sensitivity (eg., public, confidential, top secret) of enterprise data. This scheme should include details about data ownership; definition of appropriate security levels and protection controls; and a brief description of data retention and destruction requirements, criticality and sensitivity. It should be used as the basis for applying controls such as access controls, archiving or encryption."
ACMS contributions All meta-data defining classification schemes and security rules are managed through the Data Repository embodied with help from the Master Data Management (MDM).
IS Rating Tool contributions The IS Rating Tool allows companies for evaluating their performance level in this field. See “Mastering Data Governance” part of the IS Rating Tool.