PO04 Process Description

1. Description

Planning and control to enable an organization suitable in numbers and skills with roles and responsibilities defined and communicated, aligned with the business and that facilitates the strategy and provides for effective direction and adequate control.

2. Service Activities

Oversight Committee: oversee the information services function and its activities,
Achievements: reviewing the organizational structure to continuously meet objectives and changing circumstances,
Quality assurance: ensure that appropriate quality assurance, systems, controls and communications expertise exist,
Security: assuring both the logical and physical security of the organization's information assets and regular reporting to Cluster senior management,
Ownership maintenance: ensure that all information assets (systems and data) have an appointed owner who makes decisions about classification and access rights. Review supervisory practices and the division of roles and responsibilities to ensure they are properly exercized, to assess whether all personnel have sufficient authority and resources to complete their work, and to generally review key performance indicators,
Staffing: Staffing requirements evaluations should be regularly performed to ensure the information services function has a sufficient number of competent information technology staff. Define and identify key information technology positions and personnel,
Contracted staff: define and implement relevant procedures for controlling the activities of consultants and other contract personnel by the information services function to assure the protection of the organization's information assets,
Relationships: establish and maintain an optimal coordination, communication and liaison structure between Cluster and various other interests inside and outside the Cluster (clients, suppliers, security officers, risk managers, etc.,).

3. Key Goal Indicators

Number of delayed business projects due to IT organizational inertia or unavailability of necessary capabilities
Number of core IT activities outside of the IT organization that are not approved or are not subject to IT organizational standards
Number of business units supported by the IT organization
Survey rating of IT staff’s business focus, morale and job satisfaction
Percent utilization of IT personnel on IT processes that produce direct business benefits

ebc Service Commitments

4. Key Performance Indicators

Age of organizational change, including reorganization or organizational reassessment
Number of organizational assessment recommendations not acted upon
Percent of IT organizational functions which are mapped into the business organizational structure
Number of IT units with business objectives directly cascaded into individual roles and responsibilities
Percent of roles with documented position descriptions
Average lag time between change in business direction and the reflection of the change in the IT organizational structure
Percent of essential functions which are`explicitly identified in the organizational model with clear roles and responsibilities

ebc Service Commitments

Assessment requests acknowledged in 2 days, begun within 5 days and completed within 30 days

5. Critical Success Factors

The IT organization communicates its goals and results at all levels
IT is organised to be involved in all decision processes, respond to key business initiatives and focus on all corporate automation needs
The IT organizational model is aligned with the business functions and adapts rapidly to changes in the business environment
Through encouraging and promoting the taking of responsibility, an IT organization develops and grows individuals and heightens collaboration
There are clear command and control processes, with segregation where needed, specialization where required and empowerment where beneficial
The IT organization properly positions security, internal control and quality functions, and adequately balances supervision and empowerment
The IT organization is flexible to adapt to risk and crisis situations and moves from a hierarchical model, when all is well, to a team-based model when pressure mounts, empowering individuals in times of crisis
Strong management control is established over the outsourcing of IT services, with a clear policy, and awareness of the total cost of outsourcing
Essential IT functions are explicitly identified in the organization model, with clearly specified roles and responsibilities

6. Additional Information

Maturity Level Characteristics


0	1	2	3	4	5