PO4 Define the IT Processes, Organization and Relationships

An IT organization is defined by considering requirements for staff, skills, functions, accountability, authority, roles and responsibilities, and supervision. This organization is embedded into an IT process framework that ensures transparency and control as well as the involvement of senior executives and business management. A strategy committee ensures board oversight of IT, and one or more steering committees in which business and IT participate determine the prioritization of IT resources in line with business needs. Processes, administrative policies and procedures are in place for all functions, with specific attention to control, quality assurance, risk management, information security, data and systems ownership, and segregation of duties. To ensure timely support of business requirements, IT is to be involved in relevant decision processes.

Control over the IT process of Define the IT Processes, Organisation and Relationships that satisfies the business requirement for IT of
  • being agile in responding to the business strategy whilst complying with governance requirements and providing defined and competent points of contact
by focusing on
  • establishing transparent, flexible and responsive IT organizational structures and defining and implementing IT processes with owners, roles and responsibilities integrated into business and decision processes
is achieved by
  • Defining an IT process framework
  • Establishing appropriate organizational bodies and structure
  • Defining roles and responsibilities
and is measured by
  • Percent of roles with documented position and authority descriptions
  • Number of business units/processes not supported by the IT organization that should be supported, according to the strategy
  • Number of core IT activities outside of the IT organization that are not approved or are not subject to IT organizational standards
Management of the process of Define the IT Processes, Organization and Relationships that satisfies the business requirement for IT of being agile in responding to the business strategy whilst complying with governance requirements and providing defined and competent points of contact is:

1 Non-existent
2 Initial/Ad Hoc
3 Repeatable but Intuitive
4 Defined
5 Managed and Measurable
6 Optimized

Benchmarks/Guidelines for Scoring

1 Non-existent when
The IT organization is not effectively established to focus on the achievement of business objectives.
2 Initial/Ad Hoc when
IT activities and functions are reactive and inconsistently implemented. IT is involved in business projects only in later stages. The IT function is considered a support function, without an overall organization perspective. There is an implicit understanding of the need for an IT organization; however, roles and responsibilities are neither formalized nor enforced.
3 Repeatable but Intuitive when
The IT function is organized to respond tactically, but inconsistently, to customer needs and vendor relationships. The need for a structured organisation and vendor management is communicated, but decisions are still dependent on the knowledge and skills of key individuals. There is an emergence of common techniques to manage the IT organization and vendor relationships.
4 Defined when
Defined roles and responsibilities for the IT organization and third parties exist. The IT organization is developed, documented, communicated and aligned with the IT strategy. The internal control environment is defined. There is formalization of relationships with other parties, including steering committees, internal audit and vendor management. The IT organization is functionally complete. There are definitions of the functions to be performed by IT personnel and those to be performed by users. Essential IT staffing requirements and expertise are defined and satisfied. There is a formal definition of relationships with users and third parties. The division of roles and responsibilities is defined and implemented.
5 Managed and Measurable when
The IT organization proactively responds to change and includes all roles necessary to meet business requirements. IT management, process ownership, accountability and responsibility are defined and balanced. Internal good practices have been applied in the organisation of the IT functions. IT management has the appropriate expertise and skills to define, implement and monitor the preferred organization and relationships. Measurable metrics to support business objectives and user-defined critical success factors (CSFs) are standardized. Skill inventories are available to support project staffing and professional development. The balance between the skills and resources available internally and those needed from external organizations is defined and enforced. The IT organizational structure appropriately reflects the business needs by providing services aligned with strategic business processes, rather than with isolated technologies.
6 Optimized when
The IT organizational structure is flexible and adaptive. Industry good practices are deployed. There is extensive use of technology to assist in monitoring the performance of the IT organization and processes. Technology is leveraged in line to support the complexity and geographic distribution of the organization. There is a continuous improvement process in place.