What are some good
Frameworks?
HOW TO DRIVE VALUE
FROM YOUR INVESTMENT IN INFORMATION TECHNOLOGY
TODAY’S FOCUS IS ON:

INTRODUCTION
This presentation has been delivered by John Halliday to many
professional bodies including:
• ISACA (Information Systems Audit and Control Association)
• CPA Australia
• Australian Information Industry Association
John will be developing 5 minute videos of various aspects of this
presentation and posting them to his LinkedIn profile
Technology Governance Services is a strategic partner of Info~Tech

OBJECTIVE
This PDF presentation aims to:
Assist the C-Suite (CEO, CIO, CRO, CSO), Board Members
and Audit and Risk Committees to …….
Be aware of good IT governance frameworks and
references and …….
Thereby have Value conversations with IT professionals and
Assist IT professionals to drive, and prepare for these
conversations
It will cover a wide range of frameworks and references

OUTLINE
• Target Audience
• Role of the CIO and CFO in the context of value from IT
• Good Frameworks and references:
• Technology Business Management
• Gartner - IT MOOSE (Maintain and Operate the Organisation, Systems and Equipment)
• ITIL
• Enterprise Architecture - TOGAF
• IT4IT - Reference Architecture
• Applied Business Architecture
• COBIT
• Info~Tech

LEVERAGING MY EXPERIENCE AND
QUALIFICATIONS
Cross industry
experience in
Accounting,
Governance, IT, Internal
and External Audit
Professional Bodies:
FCPA FGIA
IIA ISACA AISA
COBIT5 IT Governance
Foundation Certified
(ISACA)
IT4IT Value Steam
Foundation Certified
(The Open Group)
Applied Business
Architecture Certified
(The Open Group)
Certified in the
Governance of
Enterprise IT
(ISACA)

TARGET AUDIENCE
Executive
C-Suite …..
CEO, CFO, CIO,
CRO
Boards
Audit and
Risk
Committee

KEY CHALLENGES
The CIO and the CFO need to be at the table speaking the
same governance language as the CEO for value to be
created and provided to the BOARD
Active communication, providing transparency and being
seen by the business to be sending the one message is
essential
The inability to justify the value from IT can lead to further
cost reduction targets being imposed on the CIO
Most CIOs are not able to access funds due to the lack
of demonstration of the value of these investments
Most CFOs view IT as a cost centre and, therefore, are
not linking investment in IT with value creation

GOOD FRAMEWORKS AND REFERENCES
The following slides will provide an overview of some good frameworks or references that you may find useful,
including:
• Technology Business Management
• Gartner - IT MOOSE
• ITIL
• Enterprise Architecture - TOGAF
• IT4IT - Reference Architecture
• Applied Business Architecture
• COBIT
• Info~Tech
The diagrams relating to IT4IT and Applied Business Architecture have been a sourced from The Open Group
certification http://www.opengroup.org/certifications

TECHNOLOGY BUSINESS MANAGEMENT
• Value Management framework
• Designed by CIO and CTO's
• Founded on transparency of costs,
consumption, and performance

GARTNER – IT MOOSE
• Spending to Maintain and Operate the Organisation, Systems,
and Equipment (MOOSE)
• Top 20 Initiatives e.g.
• Embark on application rationalisation to help IT shed duplicate
applications and infrastructure.
• Get improved data on application resource usage so you can
make better use of maintenance staff.
• Use application portfolio management (APM) tools to develop
metrics to drive maintenance effort and cost reductions.

GARTNER – IT MOOSE

ITIL – IT INFRASTRUCTURE LIBRARY
5 Books Purpose
Service Strategy Business goals and customer
requirements
PLAN
Service Design How to move strategies into plans
that help the business
PLAN/
DELIVER
Service Transition How to introduce services into the
environment
BUILD
Service Operation How to manage the IT services RUN /
MONITOR
Continual Service
Improvement
Helps adopters evaluate and plan
large and small improvements to IT
services
MONITOR

ENTERPRISE ARCHITECTURE - TOGAF
• The Open Group Architecture Framework (TOGAF)
• Enterprise architecture methodology and framework used to
improve business efficiency
• A comprehensive framework for managing and aligning IT assets,
operations, projects and people with operational characteristics.
• It aims for alignment between business vision and IT strategy and
defines how information and technology supports and benefits
the business
• Sometimes disconnect at Executive / Stakeholder level

TOGAF
Enterprise
architecture
methodology
and framework
used to improve
business
efficiency

IT4IT – VALUE REFERENCE ARCHITECTURE

IT4IT and OTHER
FRAMEWORKS
An IT4IT view

IT4IT VALUE STREAMS

APPLIED BUSINESS ARCHITECTURE
• Use a Capability-based Planning approach to
shape and operationalise strategy
• Identify key Stakeholders and their concerns and
determine how to find answers for those
concerns
• Review in-flight IT projects and align to strategic
pillars
• Summarise Business Modelling techniques and
artefacts

TAKES A
BUSINESS
PERSPECTIVE
APPLIED BUSINESS ARCHITECTURE

ALIGN TO
CAPABILITY
APPLIED BUSINESS ARCHITECTURE

VALUE THROUGH
BUSINESS CAPABILITY
MODELLING (BCM)
Key focus areas:
• STRATEGY ALIGNMENT
• CAPABILITY MATURITY
• IN-FLIGHT PROJECTS
• PAIN POINTS
• Overlays
APPLIED BUSINESS ARCHITECTURE

APPLIED BUSINESS ARCHITECTURE
In-Flight IT Project
should be aligned
to Business Strategy

APPLIED BUSINESS ARCHITECTURE
The Business Model Canvass
• Key Partners
• Key Activities
• Key Resources
• Value Proposition
• Customer Relationships
• Channels
• Customer Segments
• Cost Structure
• Revenue Streams

APPLIED BUSINESS ARCHITECTURE

IF BUSINESS ARCHITECTURE IS
NOT PERFORMED
• Enterprise architecture teams risk performing
enterprise technical architecture only
• Business context confusion: confusion between
why, what and how
• Risks too many conversations about technical
standards
• Business governance becomes disconnected
from IT investment and business driven decisions,
leading to critical gaps!

COBIT – VALUE CREATION
The COBIT5 Framework
is driven by
Stakeholder Needs
(Note that COBIT 2019 has just been published
and will the subject of further updates)

WHAT IS VALUE ? – COBIT
Stakeholder
Needs
Resource
Optimisation
Risk
Optimisation
Benefits
Realisation

WHAT IS VALUE ?
Stakeholder
Needs
Cost Risk Benefits
For further information you van
view a 5 Minute Video either on
my LinkedIn profile or on the link
below:
“What is value?”
Allow me the
licence to refer to
Resource
Optimisation in the
context of Cost!

KEY VALUE CONCEPTSStakeholder
Needs
Cost
Transparency
Trust
Risk
Uncertainty
Uncertain
Future Risk
Event
Benefits
Objectives
Strategic Pillars
& Business
Capabilities
Cost => Transparency => Trust
When the business has
TRANSPARENCY on costs
this leads to TRUST
and a greater desire to partner with
IT to drive value
Resource Optimisation initiatives
should impact positively on
revenue, margin, expenses, capex
and opex outcomes …… in the
broad context of Cost

KEY VALUE CONCEPTSStakeholder
Needs
Cost
Transparency
Trust
Risk
Uncertainty
Uncertain
Future Risk
Event
Benefits
Objectives
Strategic Pillars
& Business
Capabilities
Risk => Uncertainty => Uncertain Future Risk
Event
ISO 31000:2009 Risk Standard defines
risk as “the effect of uncertainty on
objectives”
Monte Carlo modelling techniques
can be used to model risk and assist
in defining risk appetite in the context
of uncertain future risk events

KEY VALUE CONCEPTSStakeholder
Needs
Cost
Transparency
Trust
Risk
Uncertainty
Uncertain
Future Risk
Event
Benefits
Objectives
Strategic Pillars
& Business
Capabilities
Benefits => Objectives => Strategic
Pillars& Business Capabilities
Benefits are realised when business
objectives are achieved and IT is
aligned to business strategic pillars
and required maturity level of
business capabilities

COBIT – BASED ON 5 PRINCIPLES

COBIT – BASED ON 7 ENABLERS

COBIT IMPLEMENTATION GUIDE

COBIT - BUSINESS GOALS CASCADE

COBIT - 5 DOMAINS, 37 PROCESSES
The Goals
Cascade helps
to focus the
priority COBIT
Processes
It is NOT the aim
to implement all
COBIT Processes
at once

INFO~TECH FRAMEWORK
 Leverages COBIT and adds to it
 Maps the process landscape
 Fast Track to Goals and Metrics
 Dive deeper into the performance
of processes.
 Use the results to facilitate team
alignment
 Tracks and assigns ownership and
accountability
 Underpinned by blueprints and
resources

INFO~TECH 9 DOMAINS
• Strategy & Governance
• People & Resources
• Financial Management
• Service Planning & Architecture
• Infrastructure & Operations
• Security & Risk
• APPs
• Data & Business Intelligence (BI)
• PPM & Projects

INFO~TECH 8 ADDITIONAL PROCESSES
ITGR01 IT Organisational Design
ITGR02 Leadership, Culture & Values
ITGR03 Manage Service Catalogues
ITGR04 Application Portfolio Management
ITGR05 Application Maintenance
ITGR06 Business Intelligence & Reporting
ITGR07 Data Architecture
ITGR08 Data Quality

EXAMPLE INFO~TECH COMPARISON TO COBIT
InfoTech Domain / Process COBIT Domain COBIT Process
Strategy & Governance
APO01 IT Management & Policies Align, Plan and Organise APO01 Manage the IT Management
Framework
APO02 IT Strategy Align, Plan and Organise APO02 Manage Strategy
APO04 Innovation Align, Plan and Organise APO04 Manage Innovation
APO08 Stakeholder Relations Align, Plan and Organise APO08 Manage Relationships
EDM01 IT Governance Evaluate, Direct and Monitor EDM01 Ensure Governance Framework
Setting and Maintenance
EDM05 Stakeholder Relations Evaluate, Direct and Monitor EDM05 Ensure Stakeholder Transparency
MEA01 Performance Measurement Monitor, Evaluate and Assess MEA01 Monitor, Evaluate and Assess
Performance and Conformance

INFO~TECH ALIGNS WITH BUSINESS GOALS
TRANSFORM
Creates new industry
EXPAND
Extends into new business
Generates revenue
OPTIMIZE
Increases efficiency
Decreases costs
SUPPORT
Keeps business happy
Keep costs low
STRUGGLE
Does not embarrass
Does not crash
CEO Optimal
CEO Actual
CIO Optimal
CIO Actual
The role of IT needs to be
defined by the business
and realised by IT
Value is created by
ensuring that the CEO
and CIO agree on how
the IT role is defined so
that IT effectively
addresses business needs
and move from the ICT
Current State to an
agreed ICT Future State

INFO~TECH ALIGN WITH THE COBIT 5 FRAMEWORK
Effective processes are
essential to the success of IT
By understanding
Stakeholder Needs, business
goals and identifying IT
priorities and pain points,
the focus is on the right IT
processes to drive business
goals

Diagnostic programs incorporate smart analytic
engines that provides powerful reports that help CIOs
make critical decisions
DIAGNOSTIC PROGRAMS

CEO – CIO ALIGNMENT DIAGNOSTIC
• Understand the CEO's vision for IT
• CEO and CIO are “on the same page”
• A clear message is sent to the Board
• Identify and build core IT processes that automate IT-business
alignment
• Create a plan to address alignment gaps
• Deliver your plan to demonstrate IT value and progress
• Use the right metrics to evaluate IT and communicate progress
• Deliver results in a way that works for the CEO

IT Security Diagnostic Program
This diagnostic seeks responses to key questions to fast track the information management maturity
level and identify accountable persons in the following focus areas:
• Risk Analysis
• Compliance Management
• Auditing
• Vulnerability Management
• Event and Incident Management
• Security Culture
• Network Security - Policies And Processes Governance
• Host Security for Servers - Policies And Processes Governance
• End User Devices - Policies And Processes Governance
• Application Security - Policies And Processes Governance
• Data Security - Policies And Processes Governance
• IAM (Identity and Access Management) Security - Policies And Processes Governance
• Physical Security - Policies And Processes Governance

IT Security Diagnostic Program – example report

HOW TO DRIVE VALUE FROM YOUR
INVESTMENT IN INFORMATION
TECHNOLOGY …. TODAY’S FOCUS WAS ON:
What are some good
Frameworks?

TECHNOLOGY GOVERNANCE SERVICES
SPECIALTY AREAS✔ Information Security Governance Diagnostic
✔ CEO / CIO Alignment Diagnostic
✔ IT Staffing Diagnostic
✔ IT Management and Governance Diagnostic
✔ Leveraging the CIO Business Vision to Drive Value
✔ Project Assurance Reviews
✔ Incident Management Root Cause Analysis
✔ Fast Track Information Security Policies aligned to ISO 27000
✔ Managing Phishing & “Change of bank account” scams
✔ Cyber Risk Governance Review
✔ Data Breach Management and Planning Review
✔ Embedding a Pragmatic IT Governance Environment

For assistance with clarifying anything in this
article regarding driving value from your
investment in Information Technology
go to my diary at
calendly.com/technologygovernance
or freecall
1800TechGov