|
IFEAD is an independent research and information
exchange organization working on the future state of Enterprise
Architecture.
|
|
|
|
|
Strategic
Governance & Enterprise Architecture
|
The
Enterprise:
Using Enterprise Architecture for IT and Business
Governance Requirements, Part 1
By Clive Finkelstein
Governance
Responsibilities Imposed by Sarbanes-Oxley
The Sarbanes-Oxley Act of 2002 (also called "Sar-Ox"
or "SOX") assigns personal responsibility
to senior management of public and non-public organizations
in the U.S. and is also being applied in various forms
by other countries throughout the world. Of particular
concern is Section 404 of the Act, which relates to
"Management Assessment of Internal Controls."
This section requires an internal control report and
states "the responsibility of management for
establishing and maintaining an adequate internal
control structure and procedures for financial reporting."1
Typical
examples of the difficulties that face senior management
to ensure they support SOX are the following issues
related to internal control over financial reporting
of public companies and also in relation to judgments
and estimates:
"Management
is required to document the system of internal control
over financial reporting. As required by the Sarbanes-Oxley
Act of 2002 (SOX), section 404 (Management Assessment
of Internal Controls), management will be required
to assess the effectiveness of these controls. The
ASB [Auditing Standards Board] believes that the evidence
management uses to support its assertion about the
effectiveness of its internal control also should
be documented. The ASB believes that a failure to
document the system of controls or the evidence used
in making the assessment should be considered a weakness
in internal control."
"Management
must recognize that judgments and estimates are subject
to second-guessing, and an assessment can change in
a subsequent period if new information becomes available.
As a result, the system of internal control over estimates
is particularly sensitive because the auditor or a
regulator might conclude that the internal control
system was either not appropriate or not functioning
because it allowed an inappropriate estimate to be
booked in the first place. This will be true for any
account or control where there is a greater degree
of subjectivity."2
The
internal controls that are required will vary from
enterprise to enterprise. They will need to be tailored
to the relevant industry (or industries) within which
the organization operates; they are also typically
unique for each enterprise. They are determined by
its business activities and processes as well as its
financial controls. They are closely related to the
IT systems and databases that the enterprise uses
for financial and other reporting.
Read
more at the DM-Review site
Clive
Finkelstein, the father of information engineering
(IE), is an international consultant and an instructor.
He is the managing director of Information Engineering
Services Pty Ltd (IES) in Australia. You may contact
Clive Finkelstein by e-mail at cfink@ies.aust.com.
|
|
The
Enterprise:
Using Enterprise Architecture for IT and Business
Governance Requirements, Part 2
Column published in DMReview.com
December 1, 2004
By Clive Finkelstein
Part
1 of this column discussed the requirement of the
Sarbanes-Oxley Act of 2002 for internal control reporting
to senior management. The governance analysis that
is required by this Act in the U.S., and by similar
governance initiatives in other countries, was discussed
in terms of the questions that are addressed by enterprise
architecture. Several matrices were used to illustrate
typical questions that must be capable of being answered.
Part 2 of this column now discusses how these matrices
are developed. Both parts of this article are of interest
to senior management.
Developing
Governance Analysis Frameworks for an Enterprise
It is important to note that none of the matrices
in Figures 3-6 (found in Part 1 of this column) were
manually defined. To create the relevant row and column
titles manually for each of these tailored matrices
is extremely difficult; to keep them manually updated
continually as the enterprise changes over time is
even more difficult. Only if all matrices are maintained
up-to-date over time can they be relied on for effective
internal control. When other matrices also listed
in Part 1 are considered, manual definition and maintenance
of these matrices for internal control reporting purposes
is no longer a practical or realistic option.
Instead,
the relevant row and column titles for each matrix
in these figures were automatically generated by a
modeling tool (discussed later), based on a rigorous
governance analysis methodology. Each generated and
tailored matrix for an organization provides a GAF
to be completed by relevant business and IT experts.
When completed, these matrices provide a powerful
internal control reporting capability. Furthermore,
this automated support enables the matrices to be
easily maintained over time. Any relevant changes
are automatically applied to all other matrices that
are also affected. The methodology, the steps and
the modeling tools used to achieve this automatic
matrix creation and maintenance are discussed later
in this column, in the "Methods and Tools for
GAFs" and "Step-by-Step Approach for GAFs"
sections.
These
matrices are generated from the strategic business
plans that are defined and accepted by senior management
for the enterprise. Such plans define the strategic
directions that the senior management team establishes
to manage the enterprise today and provide direction
as it moves into the future. These strategic plans
provide a catalyst to develop a strategic map as part
of a tailored strategic model for the enterprise.
A
strategic map is a "picture of the business,"
similar in concept to the layout of a city. A city
map clearly shows the layout of streets ("where")
and the access routes that define "how"
to get there. It also indicates "what" is
located in parts of the city. Given a reason ("why")
to take a given route at a certain time ("when"),
people ("who") can use the map to navigate
through any city.
What
is missing in most enterprises is a similar map (or
picture) of the business. A city map can be purchased
at a store, but no stores sell strategic maps for
enterprises. In the absence of a strategic map for
your enterprise, it is difficult to answer the same
questions (as was discussed in Part 1). As a result,
internal control reporting is difficult.
A
strategic map that is developed and tailored to an
enterprise enables senior managers, as well as middle
managers, expert business staff and IT staff to see
the data, activities and processes, locations, business
units and people, the business events and the business
plans that all need to be managed effectively for
internal control reporting.
Read
more at the DM-Review site
Clive
Finkelstein, the father of information engineering
(IE), is an international consultant and an instructor.
He is the managing director of Information Engineering
Services Pty Ltd (IES) in Australia. You may contact
Clive Finkelstein by e-mail at cfink@ies.aust.com.
|
|
Project
Governance and Enterprise Architecture Go Hand
in Hand
The key to enterprise architecture (EA) effectiveness
is governance, and the key to governance is intervention
in IT projects. EA effectiveness is thus tied to project
governance. Project governance is also key to aligning
IT activity to business goals, cost control and providing
IT value. EA efforts need to implement processes to
maintain awareness of project initiation and to introduce
design scrutiny and guidance in a systematic fashion.
However, creating multiple non-integrated processes
for project governance to serve the various goals
will introduce an intolerable level of bureaucracy.
Rather, what is needed is an integrated approach to
project governance that will encumber project delivery
as little as possible while addressing architecture,
alignment and cost control requirements. IT organizations
that do not implement effective project governance
will be unable to achieve high level of architecture
compliance and will have no effective means to manage
to business goals or to attain a meaningful degree
of cost control.
|
Download
this Giga Research Report, December 2003 (pdf 195Kb)
|
|
Corporate
Governance:The New Strategic Imperative
Corporate governance:The new strategic imperativewas
written by the Economist Intelligence Unit and sponsored
by KPMG International.
The Economist Intelligence Unit bears sole responsibility
for the content of the report.The Economist Intelligence
Unit ’s editorial team conducted the interviews
and online survey and wrote the report.
Victor Smart was the main author.The findings and
views expressed in this report do not necessarily
reflect the views of KPMG International, which has
sponsored this publication in the interests of promoting
informed debate.
The research effort for this report comprised a number
of key initiatives:
• The Economist Intelligence Unit conducted a
special online survey to test the attitudes of senior
executives worldwide to corporate governance.One hundred
and fifteen international executives participated
in the survey,which was conducted in June-July 2002;full
survey results are available in an appendix to this
report.
• A series of in--depth interviews were held
with leading corporate and regulatory figures in July
and August 2002.Executives at over 30 different institutions
worldwide were interviewed from a diverse range of
countries and industries.
• The Economist Intelligence Unit also undertook
substantial desk research into corporate governance
and transparency practices worldwide.The research
effort was co-ordinated by Anthony Ray.
|
|
|
Strategic
Governance and Economic Diplomacy in China: The Political
Economy of Government-linked Companies from Singapore
Much
of the recent literature on China has focused on the
rationale and performance of private economic activities
by ethnic Chinese entrepreneurs. In this literature
on the so-called “Greater China” economic
linkages, Chinese ethnicity and guanxi networks have
occupied a privileged analytical role in explaining
the governance of cross-border economic activities
by these entrepreneurs from Hong Kong and Taiwan.1
We know relatively little, however, about the nature
and governance of other non-private forms of economic
activities in mainland China
that originate from other ethnic Chinese societies.
In particular, two newly industrialised economies,
Taiwan and Singapore, have several commonalties beyond
the fact that they both have majority ethnic Chinese
population. They also share a common developmental
trajectory in which the state plays a very significant
role in “governing the market”.2 Through
their respective economic planning agencies and centralised
political bureaucracy, the state in both economies
is able to charter and govern the strategic orientation
of their respective trajectories
of national economic development.
|
|
|
Strategic
Governance - Queensland Government Australia
The
strategic governance principles outline the higher
order governance indicators which relate to strategic
management and infrastructure management within the
Queensland Government. The principles sit alongside
the community outcomes and provide a tool for measuring
the Government's performance in governance issues.
This influences the Government's ability to deliver
effective services to the community.
Treasury's
role is to work with agencies to map agencies' outputs
to the outcomes, including the governance principles,
and also reports performance against the Governance
Principles in the annual Priorities in Progress report.
|
Stratic
Governance Principles
|
|
Enterprise
Architecture Governance Subcommittee (EAG)
The
purpose of the US Enterprise Architecture Governance
Subcommittee (EAG) is to provide policy guidance,
and advice and assistance in the definition, design
and implementation of Enterprise Architecture (EA)
discipline and practice throughout the Federal Government.
In addition, it serves as the core Federal group providing
advocacy for EA integration of business and technology
architectures across, state, local and international
boundaries. The EAG serves as a focal point for the
development and coordination of Federal government-wide
policy, guidance, including best practices for EA
development and implementation. The EAG establishes
common terminology definitions; and frameworks, including
the Federal Enterprise Architecture Framework (FEAF)
and Federal Technical Reference Models and Standards;
and practical guidance for use by Federal agencies
to effectively implement and sustain EA.
|
Enterprise
Architecture Highlights
|
|
Real
IRM Solutions’ Enterprise Architecture Governance
Governance
is fundamental in entrenching Enterprise Architecture
(essentially a new way of working) into a business.
IT Governance, like other governance domains, is the
responsibility of executives and shareholders (represented
by the board of directors). It is not an isolated
discipline; it has an integral role in enterprise
governance. It consists of the leadership and organisational
structures and processes that ensure that the organisation’s
strategies and objectives are sustained and extended
by its IT. Without adequate governance, Enterprise
Architecture will remain a theoretical concept that
will fail to deliver the desired business benefits.
|
|
US-GAO
defines Enterprise Architecture benchmarks
Responding
to agency requests, the General Accounting Office
has updated its guide on enterprise architectures
with expanded metrics to measure how well an agency
succeeds in implementation.
The
update, "Information
Technology: A Framework for Assessing and Improving
Enterprise Architecture Management," (426Kb pdf)
provides benchmarking tools for agencies to plan and
measure their efforts in developing enterprise architectures.
It also provides guidelines for the Office of Management
and Budget to evaluate agency efforts.
The
report was updated using feedback from the release
of the first version, published February 2002 and
entitled, “Information Technology: Enterprise Architecture
Use Across the Federal Government Can Be Improved.”
This
update expands the performance measurements identified
in the first report. It defines attributes critical
for success and offers a matrix to gauge how mature
an agency’s architecture is.
The
report defines an enterprise as any activity that
an agency executes. The architecture characterizes
how that activity is structured.
|
|
bITa
Center
bITa
Center acts as the focal point and knowledge hub that
highlights IT Alignment and Business IT Alignment
as sets of relationships among strategies, frameworks
and best practices.
As
a knowledge provider, bITa Center will provide insight
into identifying areas that help or hinder implementation
of best practices and a business model that the Enterprise
and IT should operate within and then examines the
effect of cultures on the model to establish best
practice for each enterprise’s situation.
www.bita-center.com
|
|
VA
Enterprise Architecture Governance Process
The
US Department of Veterans Affairs (VA) Enterprise
Architecture strategy was developed and unanimously
approved by the VA Enterprise Architecture Innovation
Team. Established by the Secretary of Veterans Affairs,
this team, made up of VA senior management business
line and information technology professionals, identified
and adopted the Zachman Enterprise Architecture framework
to organize VA's Enterprise Architecture, and decided
how that architecture will be governed and implemented.
The strategy provides for a governance system based
on decentralized implementation of information technology
and centralized management of Enterprise Architecture
in an atmosphere of collaboration, accountability,
and oversight.
http://www.va.gov/oirm/architecture/EA/strategy/
|
|
|
|
|
Extended Enterprise
Architecture Framework / E2AF &
Extended Enterprise Architecture Maturity Model / E2AM are Service Marks
(SM) registered by IFEAD |
