IS STRATEGY & ICT GOVERNANCE PLAN FOR VICROADS

Transcription

1 IS STRATEGY & ICT GOVERNANCE PLAN FOR VICROADS A Proposal Report Assignment: A02 - IS Strategy & ICT Governance Report Subject: IS Strategy & Governance (ISYS Sem ) Group X: Ahmed Dédeche Prashanth Purushothaman Marco Reyes Philip Kibaki Reshma Muralidharan Rui Ji The University of Melbourne Master of Information Systems ISYS90038-IS Strategy & Governance

2 Table of Contents Executive Summary Introduction Background Choice of Evaluative ICT Governance Framework About COBIT Why COBIT Current ICT Strategy Current Business Goals and Directions Current ICT Strategic Plan Current Strategic Planning Framework Stakeholder Analysis Analysis and Evaluation of Current ICT Strategy Six critical success factors Key Findings: Current ICT Governance Current ICT Governance Analysis and Evaluation of Current ICT Governance Current ICT Governance Decision Making Analysis & Evaluation Operating Model Governance Arrangement Matrix ICT Governance Design Framework ICT Governance Policy Framework ICT Governance Performance Measurement Conclusion current IT Decision Making Proposed ICT Governance Plan Operational Strategy Operating Model Enhancement An Enabling Enterprise Architecture Proposed Governance Arrangement Optimising Decision Making Arrangements of 68

3 4.2.2 Forming an IM&T Independent Department Proposed ICT Governance Processes Align, Plan & Organise Build, Acquire & Implement Deliver, Service & Support Monitor, Evaluate & Assess (runs across APO, BAI & DSS) Evaluate, Direct & Monitor (runs across APO, BAI & DSS) Proposed ICT Governance Performance Measurement Identified Enterprise Enablers Processes Organisational Structure Culture, Ethics & Behaviour Information Resources ICT Services, Infrastructure & Applications People, Skills & Competencies Proposed ICT Governance Design Framework Alignment of ICT Infrastructure and Behaviours with Organisational ICT Strategy Alignment of ICT Governance Mechanisms with ICT Governance Arrangements Alignment of ICT Performance Metrics and Accountability with Business Performance Goals Proposed Implementation and Change Management Introduction Themes for Increasing Agreed Acceptance of Change Change Plans and Implementation References Appendix... I 6.1 Acronyms... I 6.2 Table of Figures & Tables... II Figures... II Tables... II 6.3 COBIT 5 process reference model used in VicRoads... III 2 of 68

4 Executive Summary This report aims to provide VicRoads with guidance in terms of IS strategy and ICT governance. It seeks to conduct an assessment of VicRoads current ICT governance policies and practice, its alignment with ICT strategy and finally seek to provide, in form of a proposal, future directions for these areas. The focus of this report will be on the proposed plan, which in turn, will provide guidance in development of VicRoads overall enterprise architecture. This report is divided into three main sections: 1. Current ICT Strategy (Section 2) In this section the current ICT strategy in VicRoads is introduced, by identifying: business goals, business directions, strategic plan, stakeholders and strategic planning framework. Subsequently, the ICT strategy is evaluated and assessed against industry standards. Finally a list of key findings is concluded. 2. Current ICT Governance (Section 3) Likewise, VicRoads current ICT governance is evaluated in this section. First a detailed evaluation against COBIT 5 Enabling Processes criteria is conducted. Next, an assessment of current organisational operations is done utilising Operating Model analysis. Furthermore, the current ICT governance decision making is assessed mainly by identifying the Decision Arrangements and the Governance Design Framework. Finally, an assessment of governance performance measurements is also carried out. 3. Proposed ICT Governance Plan (Section 4) In this section a holistic ICT Governance Plan is proposed; a plan that addresses all the identified issues in the previous two sections. Namely, enhancing: the operating model, the decision making arrangements, the design framework and the governance performance measurements. A governance plan is proposed based on COBIT 5 with identified enablers for quick wins. Finally, an implementation and change management plan is suggested to successfully implement the ICT governance plan. 3 of 68

5 1 Introduction 1.1 Background VicRoads is a Victorian statutory authority a state government agency that assists the Victorian government in Australia achieve its integrated transport policy objectives. It supports Victoria s liveability and economic prosperity by planning, developing and managing the major road network and delivering registration and licensing services (VicRoads, 2014). The Chief Executive is appointed by the governor in the council and is constantly reporting to the larger - department of transportation. Being a government agency, VicRoads is bound to the state government objectives and seek to follow its strategies. This largely shapes VicRoads strategic directions and objectives. Consequently, VicRoads sets out a strategic direction for its ICT to enable it achieve its organisational goals outlined. The strategy provides a clear link between the VicRoads organizational strategic direction and challenges the IM&T principles and key business outcomes. Therefore, Information management and technology (IM&T) is a key business enabler in delivering VicRoads Strategic Directions. This Strategy defines the strategic direction for IM&T investment and establishes the framework to identify and prioritise IM&T investments across VicRoads. The Strategy applies to all holders of information assets and associated technology across VicRoads. It is governed by the Information Access and Technology (IA&T) committee (VicRoads, 2014). In addition, VicRoads prepares on an annual basis, a Corporate Plan which is a companion document to the Strategic Directions. It outlines key initiatives for the forthcoming year that are aligned with the objectives, strategic priorities and internal capabilities. Information Management and Technology (IM&T) Services IM&T is mandated by VicRoads to provide the following services: information communications technology (ICT) infrastructure provision, service support, business application development, project delivery, strategic planning, policy development, spatial and information services, client relationship management. The strategy encompasses all these services (VicRoads, 2014). In summary VicRoads IM&T Strategy: Defines the strategic direction for information management and information technology within VicRoads. Establishes the framework to identify and prioritise IM&T investments. Sets out the priority activities to delivery and support the strategy. 4 of 68

6 1.2 Choice of Evaluative ICT Governance Framework The COBIT 5 framework has been selected for the evaluation of IM&T strategic and governance plan. It will also form the basis from which the proposal is made. This framework extends upon and incorporates several other major frameworks, standards and community resources. Thus gives a complete view of the governance and management of IT and especially enterprise IT About COBIT 5 COBIT 5 amasses a number of models, practices, principles and tools that enable IT governance and optimal value for the enterprise. It does this by addressing the relationship between IT and business as well as guiding the management of internal and external stakeholders. In a nutshell, COBIT 5 is based on 5 Principles: 1. Meeting stakeholder needs; 2. Covering the enterprise end-to-end; 3. Applying a single integrated framework; 4. enabling a holistic approach; 5. Separating governance from management. It also addresses what it defines as Enablers. These are: a) Principles, policies and frameworks; b) Processes; c) Organizational structures; d) Culture, ethics and behaviour; e) Information; f) Services, infrastructure and applications; g) People, skills and competencies; In essence, COBIT 5 brings together the five principles that allow the enterprise to build an effective governance and management framework based on a holistic set of seven enablers that optimises information and technology investment and use for the benefit of stakeholders Why COBIT 5 IM&T in charge of VicRoads ICT needs is part of the larger Victoria Government (VoG). As a government agency in Victoria, this means that policy direction is guided through to IM&T by Victoria Government. In turn, the Victorian Government uses the ISO Standard: ISO as the basis for building ICT strategy and governance. COBIT 5 complies and fits right in with various ISO standards including ISO 38500, making it a most suitable choice of framework. In addition, through what COBIT 5 defines as Enabling Processes, a comprehensive set of processes and practices can be defined in direct reference with VicRoads goals and directions. This is complemented with a set of metrics for the enterprise and IT-related goals. 5 of 68

7 Current ICT Strategy 2 Current ICT Strategy 2.1 Current Business Goals and Directions The focus of Strategic Directions for VicRoads is on road systems as it is the foremost part of the transport system for which they are responsible. The goals can precisely be stated as: Operate and maintain road systems for easy and reliable transport. Improve road connections between important places and people. Improve road safety. To make Road System more environmentally sustainable. In order to achieve these objectives, it is necessary for VicRoads to adopt measures to confront all the challenges efficiently. These challenges involve demographic influence which would result into increased freight carried in roads, increasing resource efficiency in order to increase environmental sustainability, increasing resistance against extreme weather events, efficiency in exchange of information between customers and stakeholders and over and above all, maintaining a cost effective asset maintenance. It is necessary for VicRoads to astutely use the capabilities it possesses, to overcome its challenges competently (VicRoads, ). The current business goals require improved integration of the major information sources, engagement by collaboration, information sharing with regulatory obligations, build efficient online services for users like Real Time Service interactions through Intelligent Transport, arrangement of authoritative access to metadata for community consultation and a backing of new technologies to support staff operations (VicRoads, ). 2.2 Current ICT Strategic Plan The current ICT strategy plan ( ) is directed by VicRoads Information and Management (IM&T) environment. To meet the objectives, IM&T principles are designed aligning it to corporate goals by providing best possible value for VicRoads with reduced complexity. VicRoads IM&T recognizes its key business outcomes as an inference from the strategic directions and implements actions to confer: 1 Enhanced customer service delivery, community and stakeholder engagement 2 Sustained shift online by standardising business processes for vehicle registration and driving licensing. 3 Reduced long-term assets cost by improved management of road-related assets. 4 Improvement in road use management, ensuring efficient road safety operations with minimal environmental impacts. 5 Increased VicRoads staff productivity by implementing appropriate business enabling technologies and processes. 2 of 68

8 Current ICT Strategy 6 Optimum business outcomes by efficient usage of corporate resources, capabilities and assets. 2.3 Current Strategic Planning Framework VicRoads over the course of years has followed a set of guiding principles that embrace upon strategic alignment of business with Information technology, value for money and reduced complexity. One of the important components that VicRoads followed is framework that set standards for strong accountability and appropriate governance. The framework reiterates models that produce long term business plan. The plans are generally focussed not only on the business goals but also the IM&T capabilities to achieve those goals. The framework also includes procedures that would help VicRoads attain sustainable and sizeable growth for longer terms. In relations to the framework, the VicRoads does not follow a specific framework that abides within the rules whereas; it has developed and follows its own principles. It changes and updates its strategy based on the new opportunities and present changes in the business on a regular basis. According to VicRoads, good governance includes attributes that help them run business in an efficient and accountable manner. With respect to that, VicRoads firstly intends to develop frameworks that focus on delivering commitments on time and within the budget. Secondly, it intends to focus upon improving the performance of the staff by producing sufficient information about the responsibilities. Furthermore, since Victorian Roads is an evolving business, the VicRoads framework envisions that the decisions across the stakeholders must be made transparent. 2.4 Stakeholder Analysis VicRoads strategy is focussed on addressing the current challenges along with the operational issues taking in consideration the key stakeholders demands with respect to the information management and technology. The analysis is aligned with the demands or the expectations from not only the internal and external changes in the business environment but also fast growing stakeholder expectation. Since VicRoads is a governmental organization, it needs to collaborate with various other government agencies across Victoria to produce management outcomes. The stakeholders include government organizations and other industry stakeholders that come together to produce an excellent transport system across Victoria. The business outcomes at VicRoads are analysed by producing excellent customer service delivery and stakeholder engagement. The stakeholder engagement in every aspect of business development and change related elements are communicated to the stakeholders by engaging them in the process of optimizing and consolidating systems. The strategic direction at VicRoads focuses on improving the information management system by integrating services by collaborating with government and industry related stakeholders. VicRoads in its strategic plan focuses on improving information sharing among the stakeholders by enhancing its existing processes and operation functions. The internal stakeholders VicRoads needs to be efficient and effective in 3 of 68

9 Current ICT Strategy enabling technologies and processes by delivering improved access to information, developing the right tool to perform the right job and also striving to provide a work-life balance for VicRoads staff. 2.5 Analysis and Evaluation of Current ICT Strategy This section would illustrate the understandings gained by analysing the findings from the VicRoads strategic plan. The detailed analysis of the findings are in separate reports which are available upon request. Based on the detailed analysis of the VicRoads evaluation and current ICT strategy, there are some key findings which needs to be addressed in alignment with the critical success factors. There are six critical factors that need to be captured when describing the findings. Based on the key findings and the six success criteria factors, we can evaluate the strategy of the VicRoads. Initially, it would be essential to discuss the six success criteria factors, then analyse the key findings based on the detailed analysis and finally observe the alignment of VicRoads strategy with the success factors discussed by (Kaufman, 2003) Six critical success factors Factor 1: Factor 2: Factor 3: Factor 4: Factor 5: Factor 6: Analyse things from a broader perspective for planning, doing, evaluating and continuous improvement. This factor generally demands organization to come out of the comfort zone when doing the above mentioned things. This is an important factor, as tries to artefact the target/goals and the means through which the organization is going to reach that goal. This factor takes into consideration the three important factors and analyses success at three different factors. a. Mega/Outcomes b. Macro/Outputs c. Micro/Products This factor, tries to define goals and have checkpoints to observe if the progress is aligned with the goals. In general terms, it defines the vision and mission and the examination to achieve the same. This factor portrays the importance of ideal vision as the underlying basis for planning and continuous improvement. This factor, defines the term need with respect to the gap that the organization faces rather than the insufficient levels of resources, means or methods. 4 of 68

10 Current ICT Strategy Key Findings: The key findings are based on the analysis of the strategy of VicRoads. A summary of these findings is listed below. 1 In the VicRoads current strategic plan it fails depict its current state and this would have a direct impact while trying to come up with strategies that could fit the gap between the current state and the required future state. 2 In the VicRoads current strategic plan, it fails to align the business demands with the Information and Management Technology. VicRoads, in their strategic plan shows where it wants to reach but fails to address each one of them separately. The overall strategies at VicRoads do not match with the current IM&T. 3 In VicRoads current strategic plan, they portray that they have monitoring process and they are analysed and put forth during their annual reports. But, it is necessary to have regular check points to see if there the strategy matches with the objectives. Therefore, VicRoads lacks a measurement analysis method that indicates the events occurring during the internal and external change. 4 In the VicRoads current strategic plan, it fails to establish a communication plan between the internal and external stakeholders. There is no evidence that VicRoads is communicating their progress. This shows that, even though their organization had a decent organizational structure, it did not mention how it is going to co-ordinate, communicate or define rules for communication. 5 In the current VicRoads strategic plan, it mentions about their vision and mission. Though, it fails to mention about the resources required ti achieve them. It is vital that VicRoads has a plan in place to depict about the current resources and how they are going to assess when dealing with demanding situations. VicRoads might end up incurring loses when they fail to have the resources when they are in demand. The other aspects of change and resource management also affect the requirements. 6 In the current VicRoads strategic plan, they have massively failed to analyse the risk and impacts that the risk would have on the organization as a whole. With respect to the risk management the VicRoads does not have a plan in place for assessment management, data management, security, employee work threats and budget threats. 7 In the current VicRoads strategic plan, it does not show how it is going to manage change or its readiness to change which the ICT plan inevitably causes. Mentioned above are some of the key findings with respect to the VicRoads strategic plan. In the below section we will weigh the key findings with respect to the critical factors for success discussed by Kaufman (2003). In all the seven key findings mentioned above, it clearly shows that in the current strategic plan, VicRoads did not analyse components from a broad perspective. For instance, they did not have a 5 of 68

11 Current ICT Strategy plan for change management and risk management. In key finding (5) it shows that it did not have a plan to evaluate components and measure them at regular basis to reach the target. VicRoads had plans and equivalent number of strategies through which they are going to attain their goals. But, throughout the strategic plan there is lack of enough evidence that explicitly states the means through the organization is going to reach the goals. Factor 3 suggests about the importance of knowing the outcomes, outputs and products of the VicRoads. Nowhere, in the strategic plan, there is any clear evidence that states the outcomes, outputs and products required for the organization to clearly strategize their plan accordingly. Kaufman, suggests that these are some of the important classifications when deciding upon a strategy and critically stressing upon the success factors. The VicRoads has an annual plan report that states about its progress. But, it does not mention about the checkpoints at different stages to manage change or any critical issues that occurs within the organization or from the external aspects. This might sometimes possess as a factor by which organization might fall apart from reaching their vision and mission. The VicRoads has a strategic plan and the strategic plan is acceptable in terms of the success factors, but it does not show a plan for the continuous improvement as mentioned by Kaufman in one of his critical success factors. This could have a major impact with VicRoads as they are following a more of a traditional approach rather than an agile approach where it helps to manage change and continuously seek to improve. The final success factor defines needs that VicRoads has to put in place to cover the gap with respect to the to-be state from the as-is states. It basically suggests what it needs to reach the target state apart from the key factors of resource, means and process methods. 6 of 68

12 Current ICT Governance 3 Current ICT Governance 3.1 Current ICT Governance The analysis of the IM&T current governance is accomplished by evaluating the appropriate practices and activities outlined in COBIT 5 relevant to this plan. The IM&T strategic plan is analysed for evidence that supports best practises. Thus seeks to derive a gap analysis using the same based on the accomplishments of each criterion. This section seeks to create a baseline from which the proposal will be grounded on Analysis and Evaluation of Current ICT Governance The following are conclusions made from the detailed assessment. The table below illustrates a detailed breakdown of the strategic plan against the criteria set out in the COBIT 5 framework. Processes mentioned here are those most relevant to VicRoads and those that have supportive evidence for inclusion. This paves the way for the ICT Governance proposal section of this report. *Page numbers mentioned in the table below correspond to pages in the VicRoads ICT strategy ( ) document. (Next Page) 7 of 68

13 - Current ICT Governance COBIT 5 Ref COBIT 5 Criteria Evidence Assessment Maturity Rating APO01 Manage the IT Management Framework 1. A description of how to apply the IM&T principles is described. This also helps drive key business outcomes p IM&T have developed within a set of principles by which to follow. These are match in line with key business outcomes and objectives. p. 5 Activities not sufficiently discussed in the plan are risk analysis or description of risk assessment. This forms a key understanding to business risks and complete viability of the strategy (ISACA 2014). APO02 Manage Strategy 1. Input from the existing VicRoads strategy the IM&T strategy is formulated. 2. The plan also picks up from existing WoVG strategies, policies and other external drivers. The approval p.4 3. There is an identification of key stakeholders with the use of a stakeholder analysis, ensuring relevant stakeholder engagement. pp.15 & Through the governance and assurance framework we see the network for endorsing and driving ICT Strategy. p. 20 However, within the ICT strategic plan, no evidence shows due attention to identify and analyse sources of change in the enterprise and external environments. This is crucial for incremental review of the plan (Luftman 2000). Though, a frequent review to the ICT plan is in place. Though this is a high level ICT strategic plan, there is no sufficient identification of threats from declining, current and newly acquired technologies. This is key to formulating forward paths in the strategy (Elmorshidy, 2013). APO03 Manage Enterprise Architecture 1. Through the governance and assurance framework we see that the plan incorporates an enterprise architecture vision. p Comprehensive business outcomes and critical enabling strategies used to define the ICT strategy. pp APO12 Manage Risk 1. Evidence from the plan suggests extensive investigations over the capabilities of IT as a service and describes high level objectives through its key strategies. pp.6 & Not much has been explored on VicRoads readiness to change i.e. Assess the enterprise s readiness for change. Though inferred through VicRoads continual assessment of the ICT Strategic Plan there is no formalised mention of continual risk analysis. A comprehensive risk analysis is essential for input 8 of 68

14 - Current ICT Governance COBIT 5 Ref COBIT 5 Criteria Evidence Assessment Maturity Rating *No formal referral to risk though, but is essential. to create an effective strategic plan (Elmorshidy, 2013; Luftman, 2004). (Luftman 2000, Elmorshidy 2013, ISACA 2014). BAI02 Manage Requirements Definition 1. Involving relevant stakeholders, IM&T develop a road map of priority actions and key strategies. These are divided into critical enabling strategies for business outcomes pp A lack of clear strategic alignment VicRoads goals with IM&T principles this is carried through from the strategy and principles. BAI05 Manage Organisational Change Enablement 1. The plan describes a governance model for the development and implementation of the IM&T strategy. p A governance and assurance framework is described that aims to align business outcomes. p It is also important to note that VicRoads have developed and use their own communication plan, however, no reference has been made here. (VicRoads, 2014). A lack of established and maintained optimal coordination, communication and liaison structure - define ground rules for communication This is important to have to ensure proper coordination of strategy to action plan workflow (ISACA, 2014). BAI08 Manage Knowledge 1. The current ICT plan is based off previous revisions and is developed upon cyclically with the next review performed within a year of the last Though inferred through VicRoads continual assessment of the ICT Strategic Plan there is no indicating knowledge management during strategy p.3 formalised mention of continual knowledge management activities. DSS03 Manage Problems Through the governance and assurance framework we infer that the plan incorporates an enterprise architecture vision for managing ICT challenges. No clear cut evidence suggest not a compressive problem management structure. p. 20 MEA01 Monitor, 1. It is described that the IM&T plan undergoes a regular review within the No clear cut evidence suggest not compressively in 9 of 68

15 - Current ICT Governance COBIT 5 Ref COBIT 5 Criteria Evidence Assessment Maturity Rating Evaluate and Assess Performance and Conformance specified time line. p.3 effect. MEA03 Monitor, Evaluate and Assess Compliance with External Requirements 1. IM&T establish first an understanding of enterprise vision. This is especially evident with the emphasis on compliance to the overall organizational strategies. The preparation of this strategy complies and is driven from the business and the Whole of Victorian Government (WoVG) pp.5,6 &11 Inferred by virtue of being a Victorian government agency however no clear cut evidence suggest this is not compressively achieved. EDM02 Ensure Benefits Delivery 1. Through the governance and assurance framework we see the network for endorsing and driving ICT Strategy, This network however, does not show adequately an assessment of stakeholder requirements fulfilment vs benefits delivery. p. 20 No adequate cost, risk and implications as well as indicative resource requirements have been addressed against stakeholder requirements in the plan. This is crucial to developing a comprehensive strategic plan that encompasses broad stakeholder concerns (Rahman, 2008). EDM05 Ensure Stakeholder Transparency 1. There is an identification of key stakeholders with the use of a stakeholder analysis, ensuring these stakeholders have engagement in the projects thus offering transparency. pp.15 & 20 No clear cut evidence suggest not enough may be done to accomplish sufficient transparency Table 1 Analysis and Evaluation of Current ICT Governance 10 of 68

16 Low Degree of Integration High VicRoads Governance Plan Proposal Current ICT Governance 3.2 Current ICT Governance Decision Making Analysis & Evaluation Operating Model As a government agency, VicRoads strives to achieve operational excellence. This is clear in the description of its function in the Transportation Integration Act 2010 as well as in VicRoads strategic objectives. This adds a greater emphasis on the importance of understanding the operations of the company. Ross, Weill & Robertson s (2006) operating model is used here to analyse the current operation situation of VicRoads. The model evaluates an organisation s operations in two dimensions: Integration and Standardisation of business operations. Operating model analysis is not included in the current strategy, nor is it present in any of our resource documents. It is hard to determine accurately the operation model without investigating daily operations. However, the operating model can be inferred from the documents, as described in the following sections, as well as in analysis table (Table 2). Coordinated Unified Strategy Current 2011 Diversified Replicated Low Degree of Standardisation High Figure 1: Current Operating Model 11 of 68

17 Current ICT Governance Degree of Standardization There is no much replication of operation among VicRoads different departments, as each department is specialised in a unique area which makes its process also unique to it. This shows less standardisation of operations. On the other hand, VicRoads adheres to a set of very strict standards to comply with governmental requirements. Most of the current ICT operations are aligned with these standards. This suggests some standardisations of processes among various departments. Degree of Integration The fact that VicRoads is operating in only one market area makes it more integrated, as all of its processes and operations are related. Moreover, VicRoads different departments work with the same higher goals, they work to serve the same customers to eventually deliver the same services. Looking from a decision making aspect, VicRoads establishes a number of decision making committees that involve different departments in the decision making process, thus, making it more integrated (Refer to Decision Making section form more details). On the other hand, there are no evidence of good information and data sharing between VicRoads departments, which indicate less integration. Overall Operating Model The overall operating model of VicRoads demonstrates some diversification, with a moderately high coordination and a relatively low standardisation. The Coordination is basically due to the unity of the organisation in terms of location and target business goals, customers and services. The lack of standardisation is due to the diversity of functions of various organisational departments. VicRoads previous annual reports reveal an increased standardisation. When compared with previous reports, current reports indicate much more compliance and enforcement of standards in VicRoads s operations as well as improve of internal integration utilising ICT. 12 of 68

18 Current ICT Governance Detailed Analysis Aspect Business goals ICT Strategy, Planning & Management Application Development & Maintenance Infrastructure Research and Innovation Systems Operating Offices Operating Model C D C D C D C D C D U R U R U R R Evidence & Findings - The business goals are mostly based on government regulations and standards - VicRoads departments work for the same higher business goals - IT strategy is defined with business standards and is integrated with the Strategic Directions - IM&T Strategy is developed and maintained by representative from different departments (Refer to decision making section) - Applications are developed with integration between IM&T managers and business departments - VicRoads maintain a research and innovation unit which operates autonomously far from the organisation strict standards (e.g. VicRoads Annual Report 2013 Page: 14) VicRoads maintains a standardised IM&T technology platform and services (IM&T Strategy Page: 7) Indicates a unified system, which results in coordination VicRoads have many operating offices in different location U in Victoria R These offices are expected to be working with the same processes and procedures Table 2: Operating Model Detailed Analysis C D U U R Governance Arrangement Matrix To assess decision making, (Weill & Ross, 2004) s Arrangement Matrix method is used. VicRoads ICT decision making is greatly driven by committees in a form mostly similar to federal decision archetype. Decision is made in three different levels: 2. Strategic Level At this level most of decisions are made by senior management in the SLT (Strategic Leadership Team) committee. Decisions related to major ICT investment is also determined in this committee. Another committee IA&T (Information Access and Technology) Committee comprises with lower level is also involved to a certain limit. 3. Business Needs Level At this level most of decision is made by the IA&T committee which basically comprises of Executive General Manager IM&T and the other executive directors. Most of ICT business needs are determined here. Minor investment decisions are also made at this level. 13 of 68

19 Current ICT Governance 4. Projects Priorities and Actions Level Technical project actions decisions are made at this level by IM&T Managers along with respective business representatives. Governance Arrangements Matrix Archetype Business Monarchy IT Monarchy Feudal Federal Duopoly Anarchy ICT Principles ICT Architecture ICT Infrastructure Business Application Needs ICT Investment Input Decision Input Decision Input Decision Input Decision Input Decision IA&T SLT EGM EGM IA&T IA&T CSG ED EGM IA&T SLT IA&T ED: Executive Director(s) EGM: Executive General Manager IM&T SLT: Strategic Leader Ship Team CSG: Committee Steering Group IA&T: Information Management & Technology Table 3: Current Arrangements Matrix As present in the arrangement matrix above (Table 33), VicRoads relies m on federal committees for both decision input and decision making. This has pros and cons, it is considered a good practice to utilize federal committees for decision input, however, it is not a good practice to delegate decision to these committees (Weill & Ross, 2004). Decision Making Bodies: SLT (Strategic Leadership Team) It supports the Chief Executive to deliver the Roads Corporation s functions, as defined under the Transport Integration Act. Specifically, it sets and adapts VicRoads vision, strategic objectives and priorities, while ensuring that the organisation complies with robust governance processes in providing effective leadership. Comprises of: Chief Executive Chief Financial Officer Executive Director (ED) of Strategy and Planning ED of Policy and Programs ED of Corporate Services ED of Commercial Enterprises ED of Business Development 14 of 68

20 Current ICT Governance IA&T Committee (Information Access and Technology Committee) It provides strategic leadership to the organisation in its use and management of information and investment and management of information technology. Comprises of: ED of Corporate Services ED of Strategy and Planning ED of Policy and Programs Executive General Manager Information Management and Technology (Next Page) 15 of 68

21 Current ICT Governance ICT Governance Design Framework Enterprise Strategy & Organization Deliver better service Enhance service delivery and stakeholder engagement through optimization and integration. Enhance effectiveness and efficiency by standardizing business processes and integrating systems. Improve the management of road-related assets. Improved governance and management of corporate process ICT Governance Arrangements Use Federal to decide on: Capability steering group, Enterprise architecture and IM&T portfolio management Strategic leadership Team; Management Committee; Project Revive Committee Information Management and Technology Board Information Access and Technology Committee Risk Committee & Audit Committee Business performance Goals Engaged communities and stakeholders. Robust, reliable and licensing registration and licensing services. Minimized whole-of-life assets cost. Delivering safer, sustainable, reliable and efficient road network Improved access, collaboration and information sharing Delivering more flexible, fit for purpose, cost effective corporate services. ICT Infrastructure & Desirable Behaviour Integrated and unified customer service delivery channel Reduce security risks and improve authority, accuracy and availability. Develop appropriate IM&T capabilities and technologies. Consolidate and integrate business system, applications and information. Intergrade Corporate Business System platform ICT Governance Mechanisms Information Management and Technology Board: Comprises most Executive Directors and ensures the governance and strategic alignment of investment decisions. Information Access and Technology Committee: It provides strategic leadership to the organisation in its use and management of information and investment and management of information technology. ICT Metrics & Accountability The current strategic plan doesn t use any metrics to assess the accountability Figure 2: Current Governance Design Framework 16 of 68

22 Current ICT Governance ICT Governance Policy Framework The Policy Framework for Information and Technology provides the strategic context for the Policy on Information Management and the Policy on the Management of Information Technology. It also takes into consideration the Privacy and Data Protection policy, the Access to Information policy, and the Policy on Government Security. The ICT Policy Framework provides a strategic context and guiding principles to sound ICT management practices across government (Treasury Board of Canada Secretariat 2012). For the current IT strategic plan, there are no clearly documents showing the information about current ICT Governance Policy Framework. As it defined above, it is important for the strategic governance to have a framework to guide direction. Even though the current plan doesn t have one, but there are still some contents still helpful for guiding the plan. Policy and Programs are responsible for: The translation of the broad strategic directions into priority based investment programs and projects. Developing and implementing effective policies to improve the operation of the road network and delivery of services. Facilitating consistency, capability development and knowledge sharing in the design, construction and maintenance of road infrastructure. Encouraging the use of sustainable transport modes in assisting customers to take responsibility for making choices in all aspects of using the road network ICT Governance Performance Measurement VicRoads has made a commitment to achieve a Good Governance. This commitment is established in the document VicRoads Strategic Directions that provides guidance to the Information Management and Technology Strategy (IM&T Strategy ). The VicRoads vision regarding Good Governance is about operates its responsibility in an efficient and accountable way giving emphasis in delivering its commitments on time and on budget. The commitments that VicRoads has set have been mentioned above as part of the Business Performance Goals and are clearly expressed as Key Business Priorities and Outcomes in the IM&T These Key Business Priorities and Outcomes are: 1 Customer Service Delivery, Community and Stakeholder Engagement 2 Vehicle Registration and Driver Licensing 3 Road Asset Management 4 Road use Management 5 Personal Productivity and Communication 6 Corporate 17 of 68

23 Current ICT Governance Following with the VicRoads idea of Good Governance it is mandatory to measure the performance of the ICT Governance in achieving the proposed key business priorities or business goals. With this measurement it is possible to verify the degree of accomplishment or deviation regarding the baseline. Next, there is the result of an analysis performed to the ICT Governance measures proposed against the COBIT s 5.0 best practices. Key Business Priority Outcome Result Customer Service Delivery, Community and Stakeholder Engagement Vehicle Registration and Driver Licensing Road Asset Management Road use Management Personal Productivity and Communication Enhance customer service delivery and stakeholder engagement through optimisation and convergence of service delivery channels and integration and consolidation of processes and systems. Enhance integration and licensing effectiveness and efficiency by standardising business processes, integrating systems on modern platform and achieving a sustained shift to online channels. Improve management of road-related assets so as to minimise log-term assets cost, to enable transport and road safety benefits, to comply with legislative obligations and to meet community expectations. Ensure efficient, reliable and safe road system operation with minimal environmental impacts through the applications of technologies and information services which are integrated across the transport system. Enable VicRoads to be effective, efficient and satisfied in their work by implementing appropriate business enabling technologies and processes. Even it is mentioned in their annual report, there is no evidence about the integration and consolidation of the processes and systems on VicRoads ICT environment. VicRoads annual report 2011 and 2013 were reviewed looking for data to demonstrate the measurement but there was not information regarding the Vehicle Registration and Driver Licensing project, neither its goals nor its objectives. No information was found regarding baseline cost, neither the reduction cost objective in terms of quantity or percentage. There is no data about community expectation such as surveys satisfaction or indicators giving a mark. Although it is well know that ICT infrastructure can provides support for efficient and reliable operations to the business, there is no mention which project or which system or systems should be integrated. In addition, there is no measure proposed, baseline or target in terms of time, accessibility or availability. There is a lack of target of measurement for this Key Business Priority. However, in an update of the IT&M document, it was reported that the Business Intelligence 18 of 68

24 Current ICT Governance Corporate Ensure the effective and efficient utilisation and management of corporate resources, capabilities and assets. Table 4: Current ICT Governance Performance Measurement project is already in production, the specialized users were trained and general users are scheduled for training. Although the VicRoads annual reports 2011 and 2013 mention that the corporate resources (such as financial resources) are being effectively and efficiently utilised, there is no clearly defined goals or objectives. In addition, the baseline is not defined but it can be inferred from previous annual reports Conclusion current IT Decision Making According to the analysis performed to the current ICT Governance Decision Making, the highlights that explain its current situation are outlined: VicRoads as a whole organization strives to achieve operational excellence. VicRoads Governance Decision Making model has experimented transformation since 2011 (year taken as baseline for analysis purposes) to wards coordination. The operating model overall is considered to be coordinated-diversified. VicRoads relies mostly on federal committees for decision making VicRoads Governance Decision Making analysis shows that despite the business units are integrated through a decision making committees, the information and data sharing needs to be enhanced. It is necessary to implement mechanisms, such as SLA s to enforce VicRoads to get the best performance of all the projects or initiatives. 19 of 68

25 Low Degree of Integration High VicRoads Governance Plan Proposal Proposed ICT Governance Plan 4 Proposed ICT Governance Plan 4.1 Operational Strategy Operating Model Enhancement As seen in the current operating model analysis previously (Refer to Section 3.2.1), VicRoads currently operates on a Diversified-Coordinated model. To achieve its strategic objective and to attain operational excellence, an operational strategy is suggested to be adapted; a strategy that emphasises on operational coordination. In contrast, VicRoads is not advised to emphasise on standardising its operations. That is because of the organisational nature of VicRoads of being with few similarly functioning departments, but with rather diversified functions. Each department should be optimised with the ideal process that matches its function. However, minor standardisation can be helpful to comply with standards like risk and safety. Coordinated Unified Suggested Current 2011 Diversified Replicated Low Degree of Standardisation High Figure 3: Proposed Operating Model 20 of 68

26 Common Interface VicRoads Governance Plan Proposal Proposed ICT Governance Plan The current strategy aims more towards a unified model, however, we suggest keeping with the same improvements rate since 2011 walking with the same direction towards a coordinatedunified model An Enabling Enterprise Architecture To enable the proposed operating model, an enterprise architecture model based on (Ross, Weill, & Robertson., 2006) is proposed (Figure 4). The main required processes to enable coordination are also showed: Shared Customers Shared Data Integrating Technology Linked Processes Business Processes Data Common Central Database Technology Customer types Interface with customers Figure 4: Proposed Operating Model Enabling Architecture The proposed model above (Figure 4) outlines an architecture which emphasises on integration of: Customers, Data, Technology and Processes, prioritized respectively. Specifically, Customer and Data integration would be essential for enabling coordinated operations (Ross, Weill, & Robertson., 2006). 21 of 68

27 Proposed ICT Governance Plan 4.2 Proposed Governance Arrangement The current management structure at VicRoads, as described earlier, appears to be appropriate for the proposed operating model and for the proposed processes. However, some enhancements still can be applied. We are proposing two main improvements to the governance structure and decision making arraignments in VicRoads, to overcome the issues identified earlier in the evaluation and assessment section. Two main enhancements proposed: optimising decision making arrangements and forming an IM&T independent department Optimising Decision Making Arrangements As demonstrated in the assessment and evaluation section, VicRoads greatly relies on committees for different decision making regarding IT. As there are advantages for that, there are disadvantages too. Best practices suggest that decision making should be delegated to Business Monarchy, IT Monarchy or Duopoly level (Weill & Ross, 2004). To reduce change impact, only required changes were made on the current arrangements. Although no much emphasis is put on business monarchy, it is very important to involve senior management in decision making process. Studies show that the higher the awareness of IT governance among senior management the better the performance of IT governance (Weill & Ross, 2004). Therefore, we have considered increasing the involvement of top managers in decision making committees. Archetype Business Monarchy IT Monarchy Feudal Federal Duopoly Anarchy ICT Principles Table 5: Proposed Arrangements ICT Architecture ICT Infrastructure Business Application Needs ICT Investment Input Decision Input Decision Input Decision Input Decision Input Decision IA&T SLT ED ED.IM&T ED.IM&T ED.IM&T IA&T IA&T CSG ED ED.IM&T ED: Executive Director(s) ED.IM&T: Executive Director IM&T SLT: Strategic Leader Ship Team CSG: Committee Steering Group IA&T: Information Management & Technology IA&T SLT CE ED.IM&T 22 of 68

28 Proposed ICT Governance Plan The matrix above (Table 55) indicates five main IT decision areas: ICT Principles IT principals define the role of IT in enabling business. It is suggested that decisions on ICT principals should be formed by IA&T Committee and finalised by a duopoly of the Executive Director IM&T and the Chief Executive. ICT Architecture Decisions defining VicRoads ICT architecture should be derived from IA&T committee meetings, however, final decision should be done by the IT specialists in IM&T Department. ICT Infrastructure Likewise, decisions regarding ICT infrastructure are proposed to be discussed in IA&T committee and determined by technical experts at IM&T department Business Application Needs Decision for specifying business needs for purchased and developed applications can be determined by a duopoly between the concerned business department and the IM&T department. Final decision could be finalised by heads of both department (i.e. the department s Executive Director and the Executive Director IM&T). ICT Investment and prioritisation Decisions regarding which project would be funded and what are the priorities would be determined by a duopoly between the Chief Executive and the Executive Director IM&T Forming an IM&T Independent Department Currently, VicRoads does not have an independent IT&M department. It is suggested to form an independent department under the leadership of the current Executive General Manager IM&T. who shell be empowered to become Executive Director IM&T. A proposed initial organisation structure is demonstrated on (Figure 5). Two technical committees are introduced to help forming an IT monarchy on enterprise architecture and IT Infrastructure decisions. It managers, roles and their respective departments can be identified in the next phase of implementing this governance proposal. IT Managers + Chief Executive Executive Director IM&T Committees Archetecture Committee Infrastructure commitee Figure 5: IM&T Department initial proposed structure 23 of 68

29 - Proposed ICT Governance Plan 4.3 Proposed ICT Governance Processes Keeping in theme with the challenges of ICT business strategic alignment and risk management, it is proposed that IM&T adopt a new ICT Governance plan with the processes and practices described in this section. These are based off only the most relevant COBIT 5 governance processes, practices and activities. COBIT 5 allows VicRoads take a strong focus to building an effective governance and management framework. Each process aligns with related VicRoads goals and challenges identified in the current analysis sections of this report. This section uses a hinting system whereby in each ICT governance proposal, a clue is given as to how VicRoads might implement it. Note: 1) Processes mentioned here and are not mentioned in the Current Analysis Section of this report are assumed critical for VicRoads with the information available. 2) Appendix 6.3 shows an outline of the governance and management processes within COBIT 5, highlighting those most relevant for VicRoads and therefore used in this part of the proposal Align, Plan & Organise The set of processes outlined in this section offer VicRoads and IM&T the opportunity to align their strategy and planning objectives. COBIT Reference Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice Related VicRoads Goal/Challenge & Hints for VicRoads APO01 Manage the IT Management Framework: IM&T can provide a consistent management approach to enable VicRoads governance requirements to be met, covering management processes, organisational structures, roles and responsibilities, reliable and repeatable activities, and skills and competencies. APO01.01 Define the organisational structure. 1. Define the IT activities scope 2. Identify decisions required for execution of IT services. 3. Establish the involvement of stakeholders Goal: Align IM&T Strategy principles with VicRoads business objectives through the IT management Framework 4. Align the IT with enterprise architecture organisational models. 5. Define the focus, roles, management structures and 24 of 68

30 - Proposed ICT Governance Plan COBIT Reference Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice Related VicRoads Goal/Challenge & Hints for VicRoads APO01.02 Establish roles and responsibilities. relationships of each function. 6. Establish an IT strategy & steering committee (or equivalent) at the board level. 7. Provide guidelines & ground rules for communication for each management structure. 1. Establish, agree on and communicate IT-related roles and responsibilities considering requirements from stakeholders Hints 1. It is proposed that IM&T restructure their IT- principles decision making authorities as is defined in the ICT Decision Making Structure part of this report. 2. Include in role descriptions compliancy to Vic Government. 3. Implement adequate supervisory practices. 4. Ensure that accountability is defined through roles and responsibilities. 5. Structure roles and responsibilities to reduce the possibility for a single role to compromise a critical process. 2. Establishment of new positions such as that of a Strategy Executive Committee within IM&T to oversee management of the new IT framework. APO01.04 APO01.06 Communicate management objectives and direction. Define information (data) and system ownership. 1. Supported by executive management continuously communicate IT objectives and direction. 2. Ensure all encompassing information is communicated at appropriate levels of detail. 3. Provide sufficient and skilled resources to support the communication process. 1. Provide guidelines for an appropriate information taxonomy. 2. Define guidelines to provide effective security and controls over information. 3. Consideration for government agency compliancy through regular supervisory by the compliance office ensuring roles are properly exercised. 4. Consider Standards such as the ISO 25 of 68

31 - Proposed ICT Governance Plan COBIT Reference Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice Related VicRoads Goal/Challenge & Hints for VicRoads 3. Create and maintain an inventory of information. 4. Define and implement procedures to ensure the integrity and consistency of all information stored. standards followed through from the Victoria government ICT management. APO01.07 Manage continual improvement of processes. 1. Identify business-critical processes based on performance and conformance drivers and related risk. 2. Implement agreed-on improvements and set performance goals to enable monitoring of process improvements. 3. Apply quality management practices to update the process and retire outdated processes. APO01.08 Maintain compliance with policies and procedures. 1. Track compliance and analyse non-compliance with policies and procedures. 2. Integrate performance and compliance into individual s performance objectives. 3. Ongoing reassertion of compliance by trend analysis in performance and compliance and take appropriate action. APO02 Manage Strategy: Align strategic IM&T plans with VicRoads goals. Clearly communicate the objectives and associated accountabilities so they are understood by all, with the IT strategic options identified, structured and integrated with the business plans. APO02.01 Understand enterprise direction. 1. Develop and maintain an understanding of enterprise strategy and objectives including the external environment through identifying key stakeholders and obtain insight on their requirements. Challenge: IM&T understand VicRoads strategic directions. 2. Identify and ascertain priorities for strategic change. 26 of 68

32 - Proposed ICT Governance Plan COBIT Reference Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice Related VicRoads Goal/Challenge & Hints for VicRoads APO02.03 Define the target IT capabilities. 3. Understand the current enterprise architecture. 1. Consider validated and Identifying threats from emerging technology or innovation ideas. 2. Define required and desired business process and IT capabilities. 3. Demonstrate traceability to VicRoads strategy and requirements. APO02.04 Conduct a gap analysis. 1. Identify and consider implications and impacts of all gaps and changes required to realise the target environment. APO02.05 Define the strategic plan and road map. 4. Refine the target environment definition and prepare a value statement with the benefits of the target environment. 1. Define the initiatives required to close gaps. 2. Identify and determine dependencies through adequately addressing risk, costs and implications of organisational changes in the planning process. 3. Identify resource implications and create a road map schedule Hints 1. Using current analysis, IM&T may consider developing a to be architectural structure as their way to manage strategy. Gartner (2014) suggest a comprehensive where I want to be description. 2. Involve to gain support, strategic key stakeholders in the business such as that of unit heads and key committees like IA&T to facilitate effective strategy management. APO02.06 Communicate the IT strategy and direction. 4. Translate objectives into outcome therefore to obtain support from stakeholders. 1. Develop and maintain a network for endorsing, supporting and driving the IT strategy. Follow through by using a communication plan. 2. Obtain feedback and update the communication plan and 27 of 68

33 - Proposed ICT Governance Plan COBIT Reference Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice Related VicRoads Goal/Challenge & Hints for VicRoads delivery as required. APO03 Manage Enterprise Architecture: Represent the different building blocks that make up VicRoads and IM&T as well as the principles guiding their design and evolution over time, enabling a standard, responsive and efficient delivery of operational and strategic objectives. APO03.01 Develop VicRoads architecture vision. 1. Define and align architecture objectives with strategic programme priorities through adoption of an enterprise framework. 2. Identify VicRoads change risk associated with the architecture vision and develop a mitigation strategy for each significant risk. 3. Develop an enterprise architecture concept business case. Goal: Enterprise wide management of IT services through and enterprise architecture to encourage IM&T alignment with VicRoads. Hints APO03.02 Define a reference architecture. 1. Maintain an architecture repository containing standards & reusable components to enable uniformity of architectural organisation and maintenance. 2. Select reference viewpoints from the architecture repository & select the models needed to support the specific view required. In turn, develop baseline architectural domain descriptions. 1. Consider a wider enterprise architecture solution through adoption of an EA Framework/Practise like TOGAF (The Open Group Architecture Framework) 3. Maintain a process architecture model, information architecture model as part of the baseline and verify the architecture models for internal consistency therefore performing a gap analysis between the baseline and target. APO03.04 Define architecture implementation. 1. Establish what the implementation and migration plan should include as part of programme and project. 2. Confirm transition architecture increments and phases and 28 of 68

34 - Proposed ICT Governance Plan COBIT Reference Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice Related VicRoads Goal/Challenge & Hints for VicRoads update the architecture definition document. 3. Define architecture implementation governance requirements. APO03.05 Provide enterprise architecture services. 1. Confirm scope and priorities. 2. Manage the portfolio of enterprise architecture 3. Manage enterprise architecture requirements. 4. Identify and align enterprise architecture priorities to value drivers. 5. Establish a technology forum to provide architectural guidelines. APO09 APO10 APO11 Manage Service Agreements Manage Suppliers Manage Quality APO09.02 Catalogue IT-enabled services. 1. Publish in catalogues relevant live IT-enabled services. 2. Continually ensure that the service components in the portfolio and the related service catalogues are complete and up to date. 3. Inform business relationship management of any updates to the service catalogues. APO10.01 Identify and evaluate 1. Establish and maintain criteria that enable a focus on Goal: 1. Establishment of measures to minimum and maximum performance goals through incorporation of Service Level Agreements (SLA) strategy. 29 of 68

35 - Proposed ICT Governance Plan COBIT Reference Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice Related VicRoads Goal/Challenge & Hints for VicRoads supplier relationships and contracts. preferred and important suppliers. 2. Establish and maintain supplier and contract evaluation criteria. 2. Align Business and IT strategies through managing outsourcing 3. Identify, record and categorise existing suppliers and contracts. Hints APO09.03 & APO11.02 Define and prepare service agreements. Define and manage quality standards, practices and procedures. 4. Periodically evaluate and compare the performance of existing and alternative suppliers. 1. Draft customer service agreements based on the services. 2. Liaise with supplier management to ensure that appropriate commercial contracts with external service providers underpin the customer service agreements, if applicable. 3. Finalise customer service agreements with business relationship management. 4. Define the quality management standards, practices and procedures in line with the IT control framework s requirements. 5. Consider the benefits and costs of quality certifications. 1. Through outsourcing efforts one way to measure performance is through measureable SLA agreement. This is defined in the section on performance measures of this report. 2. Using ISO standards to manage and assess quality, adopted from the parent Victoria Government. APO09.04 Monitor and report service levels. 1. Establish and maintain measures to monitor and collect service level data. 2. Evaluate performance and provide regular and formal reporting of service agreement performance, including deviations from the agreed-on values. Distribute this report to business relationship management. 3. Perform regular reviews to forecast and identify trends in 3. Victoria Government overall goal is service provision. Managing IT Outsourcing contracts by manage suppliers process. 30 of 68

36 - Proposed ICT Governance Plan COBIT Reference Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice Related VicRoads Goal/Challenge & Hints for VicRoads service level performance. APO09.05 Review service agreements and contracts. 4. Provide the appropriate management information to aid performance management. 5. Agree on action plans and remediation for any performance issues or negative trends. 1. Regularly review service agreements according to the agreedon terms to ensure that they are effective and up to date. 4. Following Victoria government guidelines on procurement. However, for smaller services managed by IM&T Supplier management may be done as described. - APO10 APO10.04 Manage supplier risk. 1. Identify, monitor and, where appropriate, manage risk relating to the supplier s ability to deliver service efficiently, effectively, securely, reliably and continually. APO12 Manage Risk 2. When defining the contract, provide for potential service risk. Integrate the management of IM&T s IT-related risk with overall Enterprise Risk Management (ERM) i.e. VicRoads, and balance the costs and benefits of managing that risk. APO12.01 Collect data. 1. Establish and maintain a method for the collection, classification, analysis and thereafter recording of IT risk-related data. 2. Survey and analyse the historical IT risk data. Goal: Developing a Risk Management Strategy that is fully engrained into IM&T s Governance strategies. 3. Record data on risk events and determine the specific conditions that existed. 4. Perform periodic event and risk factor analysis. 31 of 68

37 - Proposed ICT Governance Plan COBIT Reference Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice Related VicRoads Goal/Challenge & Hints for VicRoads APO12.03 Maintain a risk profile. 1. Inventory business processes and document the dependency on IT service and infrastructure resources. 2. Determine and agree on which IT services and IT infrastructure resources are essential to sustain the business operation. 3. Aggregate current risk scenarios by category, business line and functional area. Hints 1. Developing an ERM strategy that works for VicRoads and IM&T and hence bringing IT- Business Alignment between them. APO12.05 Define a risk management action portfolio. 4. On a regular basis, capture all risk profile information and consolidate it into an aggregated risk profile. 1. Maintain an inventory of control activities that are in place to manage risk. 2. Determine whether each organisational entity monitors risk. 3. Define a balanced set of project proposals designed to reduce risk. APO12.06 Respond to risk. 1. Prepare, maintain and test plans that document the specific steps to risk response. 2. Categorise incidents, and compare actual exposures against risk tolerance thresholds. 3. Apply the appropriate response plan to minimise the impact when risk incidents occur. 4. Examine past adverse events/losses and missed opportunities and determine root causes. Table 6 Align, Plan & Organise 32 of 68

38 - Proposed ICT Governance Plan Build, Acquire & Implement COBIT Ref Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice Related VicRoads Goal/Challenge & Hints for VicRoads BAI02 Manage Requirements Definition: Create feasible optimal solutions that meet enterprise needs while minimising risk. BAI02.01 BAI02.03 BAI02.04 Define and maintain business functional and technical requirements. Manage requirements risk. Obtain approval of requirements and solutions. 1. Define and implement a requirements definition and maintenance procedure. 2. Express business requirements in terms of how the gap between current and desired business capabilities needs to be. 3. Prioritise, validate, Confirm and track all the information, functional and technical requirements based on the confirmed stakeholder requirements. 1. Involve the stakeholders to create a list of potential quality, functional, and technical requirements and risk related to information processing. 2. Analyse, prioritise and therefore identify mitigations for the requirements risk according to probability and impact. 1. Ensure key stakeholder engagement in making decisions in solutions choice. 2. Obtain quality reviews throughout, and at the end of, each key project stage. Goal: Sustainable business-it alignment throughout requirements definition practices. Hints 1. Consider requirements relating to enterprise policies and standards, enterprise architecture, strategic and tactical IT plans. 2. Lack of user involvement, unrealistic expectations, developers adding unnecessary functionality therefore, stakeholder engagement is crucial as detailed in meeting stakeholder s needs section of this report. 33 of 68

39 - Proposed ICT Governance Plan COBIT Ref Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice Related VicRoads Goal/Challenge & Hints for VicRoads BAI03 Manage Solutions Identification and Build Establish timely and cost-effective solutions capable of supporting enterprise strategic and operational objectives. BAI03.02 Design detailed solution components. 1. Design progressively any new or changing business process activities, application processing steps and work flows, taking into account data inputs and outputs. 2. Design system/solution interface, data storage, appropriate redundancy and interfaces Goal: Effective business-it alignment execution through solutions management practices. 3. Consider the impact of the solution s need for infrastructure performance. 4. Proactively evaluate for design weaknesses. Hints BAI03.04 Procure solution components. 5. Provide an ability to audit transactions and identify issues. 1. Create and maintain and review a plan for the acquisition of solution components 1. Use a quick win project selections strategy to prioritise and engage into projects. 2. Assess and document the degree to which acquired solutions require adaptation of business. BAI03.09 Manage changes to requirements. 4. Follow required approvals at key decision points during the procurement processes. 5. Record receipt of all infrastructure and software acquisitions in an asset inventory. 1. Assess the impact of all solution change requests. 2. Track changes to requirements, then apply change requests. 2. Short quick win projects might use an agile approach to implementation to manage and incorporate change into the project. 34 of 68

40 - Proposed ICT Governance Plan COBIT Ref Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice Related VicRoads Goal/Challenge & Hints for VicRoads BAI03.11 Define IT services and maintain the service portfolio. 1. Propose definitions of the new or changed IT services as well as new or changed service level options. 2. Interface with business to agree on the proposals. BAI05 Manage Organisational Change Enablement: Prepare and commit stakeholders for business change and reduce the risk of failure. BAI05.02 BAI05.03 Form an effective implementation team. Communicate desired vision. 1. Identify and assemble an effective core implementation team enriched with trust and has effective communication skills. with team 3. Develop a common vision and goals that support VicRoads objectives. 1. Develop a vision communication. 2. Reinforce the communication through multiple forums and repetition. 3. Check understanding of the desired vision and respond to any issues highlighted by staff. BAI05.07 Sustain changes. 1. Provide mentoring, training, coaching and knowledge transfer to new staff to sustain the change. Goal: Sustained change readiness across VicRoads - Aligning IT to business involves changes. Hints 1. Carrying through the quick win strategy essential to create change friendly environment with IM&T and VicRoads as a whole through stakeholder involvement throughout the change. 2. Perform periodic reviews of the operation and use of the change and identify improvements. 3. Capture lessons learned relating to implementation of the change and share knowledge across VicRoads. 35 of 68

41 - Proposed ICT Governance Plan COBIT Ref Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice Related VicRoads Goal/Challenge & Hints for VicRoads BAI08 Manage Knowledge Provide the knowledge required to support all staff in their work activities and for informed decision making and enhanced productivity. BAI08.01 Nurture and facilitate a knowledge-sharing culture. 1. Proactively communicate the value of knowledge to encourage knowledge creation, use, re-use and sharing. 2. Encourage the sharing and transfer of knowledge by identifying and leveraging motivational factors. Goal: sustainable change readiness and business-it alignment through knowledge management. 3. Create an environment, tools and artefacts that support the sharing and transfer of knowledge. Hints BAI08.05 Evaluate and retire information. 4. Embed knowledge management practices into other IT processes. 5. Set management expectations and demonstrate appropriate attitude regarding the usefulness of knowledge and the need to share enterprise knowledge. 1. Measure the use and evaluate the usefulness, relevance and value of knowledge elements. Identify related information that is no longer relevant to VicRoads s knowledge requirements. 1. Managing and classifying knowledge enables sustained change & business-it alignment through overall organisational understanding. 2. Explicit and Tacit knowledge is shared across VicRoads. 2. Define the rules for knowledge retirement and retire knowledge accordingly. Table 7 Build, Acquire & Implement 36 of 68

42 - Proposed ICT Governance Plan Deliver, Service & Support COBIT Ref Proposed Practice DSS03 Manage Problems Proposed Activities Ideal Steps to Achieve the Proposed Practice Related VicRoads Goal/Challenge & Hints for VicRoads Increase availability, improve service levels, reduce costs, and improve customer convenience and satisfaction by reducing the number of operational problems. DSS03.01 Identify and classify problems. 1. Identify problems through the correlation of incident reports and define priority levels. 2. Report the status of identified problems. Challenge: Issue handling capabilities with IM&T for VicRoads DSS03.04 Resolve and close problems. 3. Maintain a single problem management catalogue to register and report problems identified. 1. Close problem records and Inform the service desk after confirmation. 2. Obtain regular reports and assess impact from change management on progress in resolving problems and errors. Hints 1. Amalgamate practices across service desks. 3. Review and confirm the success of resolutions of major problems and Share knowledge learned. Table 8 Deliver, Service & Support 37 of 68

43 - Proposed ICT Governance Plan Monitor, Evaluate & Assess (runs across APO, BAI & DSS) Important to note that these processes run in conjunction with and across all APO, BAI & DSS domains and processes associated at these domains. This defines the management objective (as COBIT 5 defines management), that works at each of the three domains aforementioned. COBIT Ref Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice MEA01 Monitor, Evaluate and Assess Performance and Conformance Related VicRoads Goal/Challenge & Hints for VicRoads Provide transparency of performance and conformance and drive achievement of goals. MEA01.01 Establish a monitoring approach. 1. Identify & engage. 2. Align and continually maintain the monitoring and evaluation approach though agreeing on the goals, metrics life cycle management and change control. 3. Request, prioritise and allocate resources for monitoring. Goal: Transparency across IM&T and VicRoads Hints MEA01.02 Set performance and conformance targets. 4. Periodically validate the approach. 1. Define and periodically review with stakeholders. 2. Communicate proposed changes to performance and conformance targets and tolerances with stakeholders. 1. Incorporated across APO BAI & DSS practices, transparency to stakeholders through engagement. 3. Evaluate whether the goals and metrics are adequate. MEA01.04 Analyse and report performance. 1. Design process performance reports. 2. Compare the performance values to targets and benchmarks. 2. Link through benefits realisation with performance goals and targets. 3. Recommend changes to the goals and metrics, where 38 of 68

44 - Proposed ICT Governance Plan COBIT Ref Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice appropriate. 4. Distribute reports to the relevant stakeholders. 5. Analyse the cause of deviations against targets. Related VicRoads Goal/Challenge & Hints for VicRoads 6. Where feasible, link achievement of performance targets to the organisational reward compensation system. MEA02 Monitor, Evaluate and Assess the System of Internal Control Obtain transparency for key stakeholders on the adequacy of the system of internal controls and thus provide trust in operations, confidence in the achievement of enterprise objectives and an adequate understanding of residual risk. MEA02.01 Monitor internal controls. 1. Perform internal control monitoring and evaluation activities based on VicRoads governance standards. 2. Identify the boundaries of the IT internal control system. Goal: Fully Align IM&T with VicRoads across each of the APO BAI & DSS practices. 3. Ensure that control activities are in place and exceptions are promptly reported. 4. Regularly evaluate the performance of the IT control framework. 5. Assess the status of external service providers internal controls and confirm that service providers comply with legal and regulatory requirements and contractual obligations. Hints 1. Benefits delivery through astound IT- Business alignment in process and goals. MEA02.04 Identify and report control deficiencies. 1. Identify, report and log control exceptions, and assign responsibility for resolving them and reporting on the status. 2. Identify, initiate, track and implement remedial actions arising 39 of 68

45 - Proposed ICT Governance Plan COBIT Ref Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice from control assessments and reporting. Related VicRoads Goal/Challenge & Hints for VicRoads MEA02.06 MEA02.08 Plan assurance initiatives. Execute assurance initiatives. 1. Determine the intended users of the assurance initiative output and the object of the review. 2. Perform a high-level risk assessment and/or assessment of process capability to diagnose risk and identify critical IT processes. 3. Select, customise and reach agreement on the control objectives for critical processes that will be the basis for the control assessment. 1. Communicate with management during execution of the initiative. 2. Supervise the assurance activities. 3. Provide a report that supports the results of the initiative and enables a clear focus on key issues and important actions. Table 9 Monitor, Evaluate & Assess 40 of 68

46 - Proposed ICT Governance Plan Evaluate, Direct & Monitor (runs across APO, BAI & DSS) Important to note that these processes run in conjunction with and across all APO, BAI & DSS domains and processes associated at these domains. This defines the governance objective (as COBIT 5 defines governance), that works at each of the three domains aforementioned. COBIT Ref Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice EDM01 Ensure Governance Framework Setting and Maintenance Related VicRoads Goal/Challenge & Hints for VicRoads Provide a consistent approach integrated and aligned with VicRoads governance approach. EDM01.01 Evaluate the governance system. 1. Analyse and identify the internal and external environmental factors. 2. Determine the significance of IT and its role with respect to the business. Goal: Create a sustained business to IT understanding and alignment through the governance framework setting. 3. Consider external regulations, laws and contractual obligations. Hints EDM01.03 Monitor the governance system. EDM02 Ensure Benefits Delivery 4. Align the ethical use and processing of information and its impact. 1. Assess the effectiveness and performance in governance of enterprise IT. 2. Maintain oversight of the extent to which IT satisfies obligations. 3. Provide oversight of the effectiveness of, and compliance with, VicRoads s system of control. 1. Sustained and consistent approach to governance of IT in VicRoads. Secure optimal value from IT-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs 41 of 68

47 - Proposed ICT Governance Plan COBIT Ref Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice Related VicRoads Goal/Challenge & Hints for VicRoads and likely benefits so that business needs are supported effectively and efficiently. EDM02.01 Evaluate value optimisation. 1. Understand stakeholder requirements as well as key elements of governance required. Goal: Sustained value optimisation EDM02.02 Direct value optimisation. 2. Evaluate how effectively VicRoads and IT strategies have been integrated and aligned. 3. Consider how well the management of IT-enabled investments, services and assets aligns with enterprise value management practices. 4. Evaluate the portfolio of investments, services and assets for alignment with the VicRoads strategic objectives. 1. Direct management to consider potential innovative uses of IT that enable the VicRoads to respond to new opportunities or challenges. Hints 1. Cyclic evaluation and delivery of benefits to ensure continuity and progression. 2. Direct any required changes in assignment of accountabilities and responsibilities for executing the investment portfolio. 3. Define and communicate VicRoads-level value delivery goals and outcome measures to enable effective monitoring. 4. Recommend consideration of potential innovations, organisational changes or operational improvements that could drive increased value for VicRoads from IT-enabled initiatives. EDM03 Ensure Risk Optimisation Ensure that IT-related enterprise risk does not exceed risk appetite and risk tolerance, the impact of IT risk to VicRoads value is identified and managed, and the 42 of 68

48 - Proposed ICT Governance Plan COBIT Ref Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice Related VicRoads Goal/Challenge & Hints for VicRoads potential for compliance failures is minimised. EDM03.01 Evaluate risk management. 1. Determine VicRoads risk appetite. 2. Evaluate and approve proposed IT risk tolerance thresholds against VicRoads s acceptable risk and opportunity levels. Goal: Build risk management into strategy and practices. 3. Determine the extent of alignment of the IT risk strategy to enterprise risk strategy. 4. Evaluate risk management activities to ensure alignment with VicRoads s capacity for IT-related loss and leadership s tolerance of it. EDM03.02 Direct risk management. 1. Promote an IT risk-aware culture and empower VicRoads to proactively identify IT risk. 2. Direct the integration of the IT risk strategy and operations with VicRoads strategic risk decisions and operations. 3. Direct the development of risk communication plans and risk action plans. Hints 1. Evaluate, direct and monitor risk factors across all proposed processes. EDM03.03 Monitor risk management. 4. Identify key goals and metrics of risk governance and management processes to be monitored. 1. Monitor the extent to which the risk profile is managed within the risk appetite thresholds. 2. Monitor key goals and metrics of risk governance and management processes against targets, analyse the cause of any deviations, and initiate remedial actions to address the underlying causes. 43 of 68

49 - Proposed ICT Governance Plan COBIT Ref Proposed Practice Proposed Activities Ideal Steps to Achieve the Proposed Practice Related VicRoads Goal/Challenge & Hints for VicRoads EDM05 Ensure Stakeholder Transparency 3. Enable key stakeholders review of VicRoads s progress towards identified goals and report any risk management issues to the IA&T committee. Make sure that the communication to stakeholders is effective and timely and the basis for reporting is established to increase performance, identify areas for improvement, and confirm that IT-related objectives and strategies are in line with VicRoads s strategy. EDM05.01 Evaluate stakeholder reporting requirements. 1. Examine reporting requirements relating to the use of IT within VicRoads and therefore, maintain principles for communication with external and internal stakeholders. Goal: Effective stakeholder engagement that ensures transparency. EDM05.02 EDM05.03 Direct stakeholder communication and reporting. Monitor stakeholder communication. 1. Direct the establishment of the communication strategy for external and internal stakeholders. In addition, direct the implementation of mechanisms to ensure that information meets all criteria for mandatory IT reporting requirements for VicRoads. 3. Establish mechanisms for validation and approval of mandatory reporting as well as establish reporting escalation mechanisms. 1. Periodically assess the effectiveness of the mechanisms for ensuring the accuracy and reliability of mandatory reporting. Hints 1. The committee structure to gather and disseminate information has proven successful, transparency can be driven through these media. 2. Periodically assess the effectiveness of the mechanisms for, communication with external and internal stakeholders. Therefore, determine whether the requirements of different stakeholders are met. Table 10 Evaluate, Direct & Monitor 44 of 68

50 Proposed ICT Governance Plan 4.4 Proposed ICT Governance Performance Measurement In early stages of this document, it was detected that VicRoads Strategic Plan has the deficiency of "lack of Service Level Agreements - SLA" that is the tool will help the organization to deal with the relationship between VicRoads and external providers. It is worth mentioning that the tool is useful and can be applied to internal providers as well. In this way, next there are the guidelines for the writing of a Service Level Agreement - SLA for VicRoads and IM&T. It is recommended to design, develop and establish a SLA for each Provider - Contract - Project that VicRoads / IM&T wishes to perform. The SLA document must define the following sections: a) Context This document s section must establish the Background and Purpose of the project and the SLA document. An important part of this section is the list of all the Stakeholders involved in it, including a brief description of each one. The goal of this section is to provide to the reader the necessary information to understand, what the project is, why the project is ongoing ad the most important, who is impacted by the achievement or not achievement of project objectives. b) Scope Overview This section must provide an overview of the Project s scope, specifying the responsibility of each participant or party involved in the contract. By participant in the project we must understand VicRoads and /or IM&T as Customers, as well as any other party as Provider. A good complement for this sections is describe if there will be any potential variations in the scope mentioning how this variation can be managed during the project execution and if the variation must be subject to conditions. In this case, the conditions must be clearly specified. c) Detailed Specification This document s section provides information about the specifications that products or services must meet for each party: Customer and Provider. Specialized task must be referred to the specific literature. For example: 1. "The Contractor must: a. (System) provide a System to record Incidents in accordance with the System Technical Specification (Schedule 5); and b. (Processes) log, record, assign a Priority, and conduct notification processes for all calls in accordance with the Operator s Manual." (The Cullen Group, 2013) 45 of 68

51 Proposed ICT Governance Plan Best practices indicates that the specification "never meant to be an exhaustive list of tasks, but fairly represents the type of activity expected" (The Cullen Group, 2013) Another good practice is to mention clearly what is not included in the scope. d) Key Performance Indicators - KPI s This section is vital to the document in terms of how the service will be measure and to maintain monitoring of the services that the providers are giving to VicRoads and / or IM&T. Here it is where the Key Performance Indicators - KPI s are established. It is recommended that the KPI s should express at least the Minimum Standard Metrics acceptable to be achieved by the provider(s). It is a good practice to establish two more different indicators: target indicator and outstanding indicator. The target indicator is the metric that, when achieved, the relationship between Customer and Provider is normal, in other words, the service is being provided as planned. The outstanding indicator is the metric that, when achieved, the relationship between Customer and Provider is strengthened. This metric represents the optimal level of service. Next is an example of how the KPI s can be written. KPI Training session Grade Formula Training session Grade = Average of the grades given to the course by the participants Grade Frequency Minimum Target Outstanding 80/100 90/100 95/100 Quarterly Quarterly Report Date in which the quarterly report with the grade obtained by the course is submitted. One (1) day after the training finishes Same day that the training finishes N/A Quarterly Annually report Date in which the annually report with the information and grades of all courses in the year is submitted. One (1) month after the anniversary of the contract Two (2) weeks after the anniversary of the contract One (1) week after the anniversary of the contract Annually Table 11 KPI Examples It is worth to notice that the table contains the column "Formula". This column mentions the way how the KPI will be measured. This information should be establish per each KPI and must be assessed in a regular basis such as is indicated in the column "Frequency". It is convenient to mention as well that not all the KPI should have the three types of grades: Minimum, Target and Outstanding. This grades depends on the KPI and its nature. 46 of 68

52 Proposed ICT Governance Plan As shown in the previous table, the second row describes a KPI that does not have outstanding grade. e) Performance Management Scheme This document s section is aimed to establish the actions that should be taken when the service performance is located below the minimum or above the target KPI. This practice is intended to set positive and negative incentives to the provider linked to the service performance delivered. f) Service s performance below the minimum acceptable This situation occurs when the service s performance is below to the Minimum Standard Metric required to the provider. In this case the document must establish what the effect of poor performance is. Different actions and consequences can be expressed here. For example, if one KPI is not met, the first consequence is a performance discussion to look for the root of the problem. This level of poor performance also constitutes the first call of warning for both, Customer and Provider, regarding something is going below what it was planned. It is recommended to take action to first signals of poor performance. Another sort of actions that can be applied are, but not limited to: Agreed corrective plans, apply penalties and even contract termination. Next figure depicts the way in which it is recommended to proceed when KPI s are not met. Performance discussion Level 1 Rectification Notice Level 2 Corrective Action Plan Level 3 Direction Notice Level 4 Termination Level 5 Figure 6 Escalation procedures Source: (The Cullen Group, 2013) 47 of 68

53 Proposed ICT Governance Plan The next table can be used as criteria to evaluate the occurrences and the penalty level in case of poor performance. The table can be adjusted to ensure the service s delivery quality, depending on the KPI s and its nature. Number of KPI failures Number of Occurrences of the same KPI failure in a Rolling 3 Month Period More 1 Level 1 Level 2 Level 3 Level 4 2 Level 1 Level 2 Level 3 Level 4 3 Level 2 Level 3 Level 4 Level 4 More Level 3 Level 4 Level 4 Level 5 Table 12 KPI Evaluative Criteria Measure Source: (The Cullen Group, 2013) Service s performance above the Target KPI - Outstanding level This situation occurs when the service s performance is above the Target Standard Metric required to the provider. In this case the document must establish what the effect of outstanding performance is. This represents the acknowledgement of services delivered by the provider. Different actions can be expressed here to encourage the provider to continue delivering services with the same grade of achievement. There are a myriad of ways to give acknowledge to the providers. It is worth to mention that not all the incentives are economical. An example of non-economic incentive can be provide a permit to make a case study for marketing purposes. All the incentives should be analyzed and authorized keeping in mind the interest of the stakeholders. g) Reports This document s section is aim to define the number of reports required to the Provider for the purposes of performance monitoring. It is recommended to establish a matrix of reports to be issue and the specification each report must meet. For example: Reports description, minimum information required in its content, People who should receive the report, periodicity and Report Category. Below is an example of the report specification. 48 of 68

54 Proposed ICT Governance Plan Title Description Key Fields Trend Analysis Distribution List Timing Report Category Client Satisfaction Rating results of Tickets attended by segment Minimum, Target and actual KPI per business area Number of "1" ratings Every month since Commencement by Metropolitan and Regional Actual KPI, in total and by business area Metropolitan and Regional Managers Monthly KPI Number of and list of Tickets with a "5" rating Number of Tickets opened per business area Every month since Commencement classified by Metropolitan and Regional area Service Tickets Report of tickets opened and its status during the period Number of tickets attended per business area Number of Tickets per business area per period Metropolitan and Regional Managers Monthly Operating Number of tickets unattended per business area Number of Tickets with expired KPI s per business area per period Table 13 Report Specification Example The reports can be classified into different categories such as: Strategic Reports, Performance (KPI) Reports, Operating Reports, Progress/Status Reports, Incident/Exception Reports, etc. The report category is flexible to manage the categories needed by the project. All the reports are aimed to provide useful information to the stakeholders. 49 of 68

55 Proposed ICT Governance Plan 4.5 Identified Enterprise Enablers COBIT 5 describes enablers that are extremely essential to make the proposed governance and management framework function effectively. A holistic approach with these enablers, where the enablers function inter-connectedly is required to attain the proposals with success. These enablers have generic dimensions namely stakeholders, goals, life cycle and good practices that facilitate simple and structured interactions among them to achieve successful outcome. These are further filtered to equip the purpose of enablers to influence the functionality, by enabler performance management. The categories of enablers along with the achievements required out of them is comprehensively discussed below Processes Processes involve collection of all the practices and processes proposed under section 4.3 and 4.4 respectively that manipulate the current operating structure to deliver service as desired by VicRoads in alliance to its strategic directions. Stakeholders: The stakeholders involved have been briefly discussed under section The proposed adaptation of processes placed a requirement on re-defining the roles and responsibilities for the stakeholders involved. Through the entire process of defining the strategic directions, practices and processes involved in actuating them, explicit mention of external stakeholders is not specified. But, with inference to actions adopted to satisfy the outcomes, it can be inferred that the external stakeholders are none other than the Victorian road users. Goals: The strategic directions mentioned define the final outcome expected from the any practices adopted or proposed to be adopted. Intrinsic goals: VicRoads Annual Report states that section 87 of the Transport Integration Act 2010 reflects the functions required to instigate the final purpose of VicRoads system. Some of the vision to meet VicRoads performance against the Strategic directions like SmartRoads approach for operation and maintenance of road systems, release of Cycling Strategy to foster environmental sustainability, Key performance Indicators used to initiate several developmental plans and schemes by VicRoads and more, have been implemented and others designed and planned for implementation. The practices and processes to cultivate these visions have been mentioned under Section 4.3 which gives a detailed clarification of processes to be adapted to meet the final outcomes of the strategic directions. As mentioned in section 3.2.4, no clear documents defining the policy framework have been justified. The policy and programs involved in VicRoads as mentioned in the same section should be documented to assure compliance with the internal and external rules. 50 of 68

56 Proposed ICT Governance Plan Contextual goals: Miss-alignment of activities with strategic directions was discovered according to the process analysis carried out. Hence, a strategically aligned process has been proposed which is relevant and understandable following the associated framework. Accessibility and security goals: Mandatory disclosures under VicRoads Annual Report 2013, describes the detailed necessary policy framework adapted with accessibility allowance under Freedom of Information Act. It also mentions several compliance acts in order to have security on varied grounds. Life Cycle: Each process has a life cycle. After the process is initiated, continuous monitoring of the running process is required in order for continuous improvement to optimise the delivery of final strategically directed objectives. Good Practices: The detailed practices, activities and detailed activities under the guidance of COBIT5 framework have been mentioned above for effective and practical governance and management of enterprise goals along with IT. Enabler Performance Measurement: Lag indicators in Section and provides a detailed description of involvement of personnel and the related activities respectively in meeting the goals to comprehend strategic directions and needs of external stakeholders. To measure these actions the required ICT Governance Performance Measurement is described under section 4.4. Lead indicators in section define the performance matrix related to the actuators above Organisational Structure Organisational structure provides a concrete structure to make functionality of processes effective. The structured authoritative accessibility, delegation and operating principles escalate the processes towards practical realization. Stakeholders: Section and mention the proposed assigned roles and responsibilities. Also the governance providing statutory framework as mentioned in the VicRoads Annual report 2013, gives the appointment details for managing the functions of Road corporations consistent with its objectives in the Transport Integration Act. The external stakeholders, the Victorian road users are the influencers for the evolution of these strategic directions for VicRoads that drive the organizational structuring. Goals: An organizational structure as deciphered by VicRoads has been implemented as described in VicRoads Organizational Chart at September 2013 in The VicRoads Annual Report The authoritative accesses provided to any data required by VicRoads management should be 51 of 68

57 Proposed ICT Governance Plan implemented as per requirement. The operating model is enhanced in section 4.1 and governance matrix is rearranged in section 4.2 as per requirement to enable well-defined operating principles. The Right Decision Making is also re-considered to alter the faults in the existing structure. Life Cycle: The Proposals for ICT framework with assistance from COBIT5 provide an undoubted justification for every re-structure and existence of a process or operation which is necessity in the life cycle of an organizational structure. Good Practices: The delegation of roles and responsibilities as mentioned in section describes level of involvement of each role for the process practices or activities. Also as differentiated in governance arrangement matrix, the assignment of right skill sets of people has been allegedly made for increased effectiveness of procedures. Also the implemented policy framework guides the rightful enactment from each responsible individual Culture, Ethics & Behaviour Ethical behaviour is extremely essential for effective managerial decision making and to maintain cultural unanimity for the entire team to work together effectively. Stakeholders: The Stakes go twofold: The Strategic Leadership Team, Information Access and Technology, all the executives and directors and staff involved in actuating the entire enterprise reactiveness towards goals act as the internal stakeholders. The Goals: It can be inferred from VicRoads Annual Report 2013, that effective road service provision is being enabled along with workforce planning. With the activities imparted in the previous sections, organizational governance can be revised to build capability in order to develop effective leaders. Also the technical department seems to be embellished by several assessment, training and developmental programs. Actions to strengthen culture have been adopted to promote ethical behaviours that are required to align with the key elements of VicRoads culture. These include reward and recognition program, enhancement of women in business and Senior Leader visiting the Strategic Leadership Teams. Life Cycle: Ethical behaviour is extremely essential in order to achieve goals in accordance to the enterprise culture. The required changes in behaviour can be achieved by following tools described under good practices. Good Practices: As described in the current ICT governance model, no liaison communication is maintained through the entire organizational structure. This poses an expected delay or intension towards unstructured 52 of 68

58 Proposed ICT Governance Plan escalation of procedures in attaining the goals upholding strategic directions. Continual actions imparting incentives to desired ethical behaviour should be maintained in order to encourage and deterrent this desired organizational behaviour. Rules and norms in relation to principles and policies should be strictly followed for uniformity and cultural abidance. This would eventually avoid mismatch values and means to realize the values Information Resources The information enabler deals with all the information relevant for enterprises. To consider information enabler we d have to consider the information cycle as information is a part of this cycle. So basically, the business processes generate and process data which transforms into information and knowledge which finally generates value for the enterprise. Figure 7: Information Cycle Stakeholders: The information cycle reflects that in this case that it is important to find the stakes possessed by the stakeholders more than just identifying the stakeholders. This means that the information stakeholder roles can be defined based on the separate phases in the cycle. Hence in VicRoads, Goals: Gaols are classified based on the quality to be perceived out of the information. Intrinsic Quality: This refers to the accuracy, objectivity, believability and reputation of the data in conformance to the actual or true values. VicRoads exhibits this through the annual reports it maintains. These reports, compile all the necessary information, assuming that it 53 of 68

59 Proposed ICT Governance Plan is taken up with intrinsic quality behaviour to decipher the further actions based on the shortcomings or requirement of advancement. Contextual and representational quality: This refers to the information stored to suffice the needs of the information user. It refers to the way it is presented to the user; intelligibly, in a clear manner and easily understandable. The annual report format followed by VicRoads provides a justification and direction to the actions to be taken by the enterprise. The justification to alignment in achieving the strategic directions can be conceived from the relevance, completeness and appropriate amount of the data in this report. To aid financial management as well, a fair justification is provided by this report. The problem with this information being only that the data provided states the plan of actions more than the concise applied actions or procedures. Security/ Accessibility quality: This refers to the extent to which the information is available. Timeliness availability of data is maintained by VicRoads in the form of annual reports. But, there are no traces of security measures in context to accessibility or any issue applied throughout the enterprise. The application of security measures is a key factor, VicRoads needs to concentrate on. Life Cycle: The life cycle applies to the different phases in the information cycle. Under these phases the steps that it undergoes are planning, designing, building/ acquiring, using/ operating under which it can store, share or use this information to accomplish the desired goals. This information is usable by the stakeholders at several stages for different purposes like it may be for acquiring information to fulfil the tasks associated to their roles and responsibilities, interacting with each other or passing information further for the consequent event to take place and so on. This interaction among the stakeholders with this information should be done with monitoring of data on accountability, delegation along with direction setting, alignment, execution and control. After the required usage of data is done, in order to avoid turmoil this information can be discarded when it is of no usage for any further activities. Best Practices: The nature of information is very versatile. It can be best explained through defining and describing its properties. Furthermore, information is valuable only if it is used wisely and actions are taken by inferring data from this information ICT Services, Infrastructure & Applications Service capabilities are resources like infrastructure and applications that influence the delivery of IT services. Stakeholders: The stakeholders identified to enhance the infrastructure and applications that are internal involve the effective leaders, technical team and the entire road system work force to perform activities in 54 of 68

60 Proposed ICT Governance Plan order to achieve the main goals of strategic directions. Their development or strengthening of these capabilities is required in order to foster service capabilities. Goals: A proper consensus is brought about regarding the activities or processes to be followed as the financial statement developed describes the importance of investments in various sectors. Financial management is also adopted in order mange the varied resources for VicRoads with cost effective measures. Life Cycle: A detailed analysis above has resulted into a structured approach defined the future capabilities to be imbibed to cover the building blocks of target infrastructure model. The current one being followed comes under the capabilities that are used to delivers services on the time frame of target architecture. Good Practices: COBIT5 defines several good practices and principles to be adopted in order to improve the delivery of services. Here, Reuse: This practice can be adopted by building up on the previous experiences of VicRoads to improve upon the delivery of services further to the users. Simplicity: To meet the requirements of VicRoads the plan of action planned and adopted should be simple with clarity as well as easy to be maintained and designed. Agility: As continuous improvement program needs to be incorporated every time, depending on the feedback from the previous practice implementations, enterprise architecture should incorporate agility to confer the continuous business and strategic changes. With defined Service Levels, architecture deliverables like technology infrastructure, hardware etc. should be used to fast track creation and actuation of successful architecture deliverables People, Skills & Competencies The people with right skills and competencies are required for the optimum progress in every organization. The necessary details in different aspects have been discussed below. Stakeholders: The stakeholders are everybody right from the director, technical teams and also the external participations in making VicRoads achieve any of its strategic directions. Here the external stakeholders can also refer to the bicycle users of the Program initiated by VicRoads. The skill sets have been efficiently segregated at VicRoads as they already have distinct skills set for technical and management issues. 55 of 68

61 Proposed ICT Governance Plan Goals: With the financial arrangement and management made, the goals for skills and competencies are the required technical expertise in IT, efficiency of the trainers providing training in the training programs, ethical or organizational behaviour etc. Also equivalence to education level needed has been considered in VicRoads as it implies the implementation of Graduate programs. Life Cycle: According to the changes in strategy VicRoads has already implemented training programs which help in building up the required skill set among employees after the end of life cycle of the prior requirements. Also by recruiting new graduated for graduate programs helps them refresh increase their knowledge and innovative skill base. Also this improvement is enhanced with their cultural strengthening program of rewarding and bonuses. Good Practices: A comprehensive skill set definition is not present at VicRoads. It is necessary to develop this to describe the different skill levels required from different skill categories. These help in gaining the appropriate output from the relative stakeholders. 56 of 68

62 Proposed ICT Governance Plan 4.6 Proposed ICT Governance Design Framework Enterprise Strategy & Organization Deliver better service Build better communication and service platform Optimization the integration the business processes and systems Improve operational efficiency Integration of all applications Implementing appropriate technologies and processes Better engagement Optimization and convergence of service delivery channels ICT Governance Arrangements Maintain the federal archetype only for decision input, but not for decisionmaking Duopoly decision-making archetype IT Monarchy archetype Empower the stronger ICT leadership archetype particular the Executive Director IM&T Gather more opinions and information from other government department and public citizens Business performance Goals Improving the user experience More quickly and easily access content Increased staff satisfaction, utilization of and engagement ICT Infrastructure & Desirable Behaviour Integrated and unified customer service delivery channel Reduce security risks and improve authority, accuracy and availability. Develop appropriate IM&T capabilities and technologies. Consolidate and integrate business system, applications and information. Integrate Corporate Business System platform ICT Governance Mechanisms Forming independent IM&T department With CIO become member of the Strategic Leadership Team, IA&M Committee need to constant to report them. IM&T council of IT and business executive Service level agreement Lower level senior management announcement Annual global IT consultation on strategy ICT Metrics & Accountability Risk Metrics analysis Rewarding metrics system Figure 8: Proposed ICT Governance Design Framework 57 of 68

63 Proposed ICT Governance Plan Alignment of ICT Infrastructure and Behaviours with Organisational ICT Strategy When we talk about the alignment of ICT Infrastructure and Behaviour with Organizational ICT Strategy, we are talking about how they are harmonized. The alignment is mainly addressed in the VicRoads strategic goals: building capability & integration lead to easy and reliable services, encouraging innovation & optimize investment lead to the improvement of operation efficiency, and effective cooperation & collaboration lead to better engage. In order to build a strong capability and improve the integration to provide a better and reliable service to the customer, the team has tried to understand the current ICT infrastructure. Based on the understanding of the current situation, we proposed different monitoring approaches in the early sections for the VicRoads strategic plan. These approaches will focus on providing better real-time monitoring system to the current ICT. This is the way we propose to build effective processes and contribute with the business goals. Also, the business expectation will be enhanced. Meanwhile, by integrating and improving the operation performance, making stronger capability planning and provide reliable services will create an easier, efficacy and sustainable capability to refill back to the ICT infrastructure. Furthermore, management of IT risk analysis will make more effective to deal with risks when they appear and allow having better plans to minimize the impacts to avoid major traffic problems. This risk progress service actually provides better service to the customer, which align with the VicRoads strategic goal. Moreover, we also proposed better resource management plan. It would help VicRoads to best utilize the ICT resource and create the best value of the resources. The alignment between the ICT infrastructure and organization strategy is try to maximize the utilizable of the current ICT infrastructure to create the best value to match the organization strategic goals. This is the way to create stronger capability of ICT or enhance it with process standardizations, integrations, and more platforms. The following diagram will help VicRoads to understand in a better way the alignment and also provide some hints for what they can do or continue do better. 58 of 68

64 Proposed ICT Governance Plan Improve utlilability of current ICT technology Enhancing Capability Implementing appropriate business enabling technologies and processeses Improve government program delivery capability Enhancing ICT workforce skills Optimization & convergance of service delivery channels Deliver Better Deliver Better Services Services Standardising business processes Improving Services Integrating systems on a moderm platform Integration arcross the transport systems Figure 9 Strategic Alignment: Deliver Better Services Furthermore, the alignment also relates the ICT management and cost, so we also proposed ICT resource management and ICT budget analysis in earlier sections. It will be well support the costvisible of this strategic plan for the VicRoads and provides the more accurate accountability. With the detailed proposed plan, the ICT investment is more optimized and the procurement also increased. Simultaneously, the standardized and integrated infrastructure also provides a more unique platform for the VicRoads for further innovation and better operational approaches. 59 of 68

65 Proposed ICT Governance Plan Improve the management of roadrelated assets Investing Optimzation Integration of all applications collabrate resources, capabilities and assets Implementing appropriate technologies and processes to the staff Improved Efficiency Encouraging Innovation Implementing appropriate technologies and processes to the staff Examine and adopt new and emerging technologies more rapidly Figure 10 Strategic Alignment: Improved Efficiency Moreover, alignment needs better collaboration which lead to better engagement. We proposed better ICT processes and address the communication between stakeholders and customers. The first business priority of this strategic plan is focus on the enhancing customer service delivery and stakeholder engagement. Hence, for better engagement, we need the ICT infrastructures working more cooperated with customers. With better understanding of customers needs, VicRoads would have better idea to satisfy its customers. Hence, we proposed the new ICT strategy will be more concern on providing more reliable and easy access platform to help VicRoads for better collaboration and cooperation with customers, internal organization, and other governance departments. 60 of 68

66 Proposed ICT Governance Plan Build channels to share information with other govenment department Cooperating Effectively Building better communication& service platforms Build channel to update the road enmergance information on time Better Engagement External & Enternal networks collaboration Collaborating Effectively Integration & consolidation of processes and systems Optimization & convergence of service delivery channels Figure 11 Strategic Alignment: Better Engagement Alignment of ICT Governance Mechanisms with ICT Governance Arrangements With the understanding of the current VicRoads governance structure and helped by the current ICT governance arrangement metrics analysis, we noticed there are some problems with VicRoads current governance structure. VicRoads is using federal decision-making archetype for almost all of their operations process. However, federal archetype is not always the best in all cases. For a better alignment with ICT governance mechanisms and reducing the weakness of the federal governance arrangement, we proposed better IM&T decision-making structure to empower authority of IM&T committee and IA&T committee in the ICT strategy and governance decisions. In the proposed governance arrangement section, we proposed some new roles and responsibilities of committees and some top manager particular like CIO. Those people who understand the ICT, more power or responsibilities as they are supposed to be in the ICT governance arrangement. With those new roles or responsibilities, we also address in measurement of management structure, which would help the alignment of the ICT governance 61 of 68

67 Proposed ICT Governance Plan arrangement. Furthermore, for better support, VicRoads not only simply defined the roles and responsibilities, but also should document those roles and duties and sign off in Strategic Leadership Team (SLT). The documents should clearly present to all level staffs of the VicRoads. Meanwhile, based on the understanding of the VicRoads governance structure, we believe topdown would be best approach to align with the ICT governance mechanisms. However, for the better imply this approach for VicRoads, we need someone in the top management and have the authority with the responsibilities. We notice that VicRoads' CIO is not working or taking responsibilities she supposed to be after the governance restructure last year. Hence, we made her take more responsibilities in the IA&T committees and even SLT. She would help VicRoads top managers better understand, observe, and concern how to optimize the ability of the ICT governance mechanisms Alignment of ICT Performance Metrics and Accountability with Business Performance Goals The performance with clear measurement would more meaningful. In the early section of performance measurement, we proposed more detailed performance measurement plan for the VicRoads managers. Every specific roles and responsibilities should be clearly defined in a SLA and also the business performance goals should be clearly measured in tactical plans. It will be easier for those VicRoads employees to understand whether they are align with the organization s business goal and how well their performance looks like in a more clearly measured position. Clear SLA s and performance metrics settled up by the managers including relevant reward systems, would be sufficient for the staff to understand their job, how to do it, and how to do it better with clear motivations. It is not only set the performance metrics align with the business performance goals, it is a way to pursuit a better engagement with the organization. On another hand, clear set up of SLA s with the employee s creates better engagement and also they will provide a better customer service. 62 of 68

68 Proposed ICT Governance Plan 4.7 Proposed Implementation and Change Management Introduction The ability to manage changes within an organization has failed largely due to the inability of failure in stakeholders involvement during change (Cheese, 2004). The other factors that hinder organization from change are the ability to not accept change and also not having a change management plan. VicRoads in their next three years focuses on change objectives that are inclined both within the organization and also external. On that front, it is fundamental that VicRoads needs to focus on the contextual issues that force VicRoads to review internal and external environments (Achilles A. Armenakis, 1999). Therefore, the key factors that are important for VicRoads to transit with regularity and agreed acceptance can be segregated into 4 main themes, which will discussed and justified in the following section, followed by the change and implementation plans Themes for Increasing Agreed Acceptance of Change Individual Participation: VicRoads is a fairly large organization with associates engaged in different roles. It would be ideal to engage all associates when dealing with change. The associates within the organization need to understand the basic necessity of change. In this case, it is proposed that there needs to be a change in the organizational structure. Change in the organizational structure can bring about an effective change in management roles and future organizational development. Therefore, an individual participation expands at intensifying the organizations design that designs a culture among the associates that can handle and manage change. Focus on Process: As much as the focus is on Individual participation in change across organization, it is important to deal with the process management. The change in organization is a step by step process where the needs of the business are aligned with the evolvement of markets. Since, there is a growth in every aspect of the market, it is radical that the organizations start building a process to manage and implement change from the lower level to the executive levels of the management. With the respect to VicRoads, the process of change is set up to be a top-down approach to drive change wherein, the executives at VicRoads take decisions and gather information to manage and implement change. But, it is ideal and recommended that these changes are effectively communicated to the other stakeholders. Furthermore, it is also necessary to involve the other stakeholders while setting up the strategic plan and direction for the company. This helps the associates in VicRoads as to why the changes are necessary and where the organization is propelling ahead. Metrics to track progress: The first two themes have focused upon the individual participation of change and process to implement to change. The next fitting theme would be measuring change in 63 of 68

69 Proposed ICT Governance Plan the organization (i.e.) a metrics to track progress. A change in an organization entails a view from different dimensions but a successful organization not only understands these dimension but also measure these directions while taking a journey to manage change effectively. With respect to VicRoads, it is vital to track progress because in their previous strategic direction plan, it did not make a sizable progress. VicRoads needs to build a performance management technique that aligns right goals and objectives. Some of the techniques that VicRoads can adopt to track progress is to build an empowering team with guidance from governance and emerging technologies. With reference to the empowering team it is imperative to build an accountability metrics that can track the target and the baseline progress assessment on the change journey. The baseline refers to the current position of VicRoads and the target is the defined direction that VicRoads reinforces in transformational change. (Cheese, 2004) For instance, in VicRoads the stakeholders (commuters) are a key asset to measure change. The change can be measured by analysing the customer satisfaction, since VicRoads wants to develop a road system that would be easy to communicate across all sides of Victoria. In the proposed implementation of risk management strategy, it is vital whole VicRoads understand the purpose of risk management strategies. For instance, VicRoads needs to maintain a security plan that aligns with the enterprise strategy and enterprise architecture. This security plan needs to be measured by collecting and analysing data that tracks the progress of change. By developing a management technique to track the progress of change, it not only becomes easier to implement change but also the parameters that suggest what works and what doesn t. Overcoming temporary and adapting continuous change management: As there is an increased need in organizations to become more flexible and adapt to changes, it also becomes vital to challenge sustainability in exponentially evolving and business contexts (BRANNMARK & BENN, 2012). On that front, the external environment forces to create internal changes within the organization to become proactive to change. With respect to VicRoads, the change in organizational structure is a prerequisite, as it works on a top-down approach to initiate change the organization where the executives define goals. It is strategically important to delegate the importance of continuous change to stakeholders in natural environment. By involving all the stakeholders in organizations change management, it becomes an action of sustainability and can drive change in a long way. VicRoads plans for the future keeping in perspective the importance of customers and setting objectives accordingly. The other proposed changes along with the objectives of VicRoads need to go hand-in-hand in order to provide an effective direction plan. With the four themes proposed above, it becomes easier for VicRoads to implement change along with the proposed changes depicted in this report above. All these four themes bring up together a stage by stage implementation of change management. All the four themes focus on a particular aspect and the design of the theme is to help in the smooth transition of change from the current state to the future state. 64 of 68

70 Proposed ICT Governance Plan Change Plans and Implementation VicRoads plans to change can be assisted with the guidance of understanding the scope of the new proposed implementation and also the other stakeholders readiness to change. Change Plans in VicRoads The proposed proposals look towards building the system towards aligning its actions towards achieving its goals with greater assurance. In order for this to take place effectively, the proposed changes need to be implemented with a special team that builds trust and establishes common goals throughout the organization. Additionally, it is important to build effective measures within the organization to track the change and also adequately implement the change. Once the proposed change plan is communicated and effective measurement techniques are organized, it is crucial to build a team to empower change. The team can be built by providing associated training and other human resources related processes. These teams can be given varied roles ranging from technical to operational depending upon the skills. These teams can be given short term and long term goals depending upon the crucial/ importance of bringing the change. With reference to the progress in managing change, it would be practical to have an additional plan to sustain ongoing awareness through regular communication. Additionally, it would be necessary to document changes according to the solutions implemented. Implementation of Changes in VicRoads: The above details depict the plan that needs to be adopted in the VicRoads in order to have an effortless change within the internal and external organization. But the most important phase in VicRoads would be the rollout and acceptance during change. Firstly, the solutions that need to be implemented should be aligned with the agreed-on expectations and outcomes during the change. Secondly, a test needs to be performed during the implementation of the proposed changes and each change needs to be measured properly and be continuously cultivated in a real environment, so as to understand the progress of change and the effectiveness of change within the organization. Thirdly, once the changes are ready to be rolled out, it would be appropriate to implement changes and analyse the behaviour and results after the implementation. Finally, there is a need to provide support during the change and after each proposal has been rolled out. All these steps together can be put together to form an effective change management plan. This would be an ideal way to implement change within the organization taking into consideration the continuous and magnanimous transition in the way VicRoads operates in the future. 65 of 68

71 References 5 References Achilles A. Armenakis, A. G. (1999). Organizational Change: A Review of Theory and Research in the 1990s. Journal of Management, BRANNMARK, M., & BENN, S. (2012). A Proposed Model for Evaluating the Sustainability of Continuous Change Programmes. Journal of Change Management, 15. Cheese, P. (2004). Change Management Disturbing the system. Outlook. Elmorshidy, A. (2013). Aligning IT With Business Objectives: A Critical Survival And Success Factor In Today s Business. Journal of Applied Business Research (JABR) 29.3, Gartner. (2014). Enterprise Architecture. Retrieved April 2014, from ISACA. (2014). COBIT 5 - A Business Framework for the Governance and Management of Enterprise IT. Retrieved from Kaufman. (2003). Critical Success Factors for Strategic Thinking That Works. Strategic Planning for Success, Luftman, J. (2004). Assessing business-it alignment maturity. Strategies for information technology governance, 4, 99. Rahman, H. (2008). Developing successful ICT strategies : competitive advantages in a global knowledge-driven society. Information Science Reference. Ross, J. W., Weill, P., & Robertson., D. C. (2006). Enterprise architecture as strategy: Creating a foundation for business execution. Harvard Business Press. The Cullen Group. (2013). Service Level Agreements - SLA s. Melbourne, Australia: The Cullen Group. VicRoads. ( ). VicRoads Strategic Directions. VicRoads. (2014, March). Overview of VicRoads. Retrieved from Weill, P., & Ross, J. W. (2004). IT governance: How top performers manage IT decision rights for superior results. Harvard Business Press. 66 of 68

72 References VicRoads VicRoads Information Management and Technology Strategy (2013 Revision). [ONLINE] Available at: htm. [Accessed 14 April 14]. VicRoads VicRoads Strategic Directions [ONLINE] Available at: htm. [Accessed 14 April 14]. VicRoads VicRoads Annual Report. [ONLINE] Available at: port.htm. [Accessed 14 April 14]. 67 of 68

73 Appendix 6 Appendix 6.1 Acronyms Some terms used in this document: Acronym APO BAI CIO DSS ED EDM ERM IA&T ICT IM&T IA&T ISO IT KPI MEA SLA SLT VoG WoVG Definition Align Plan & Organise Build, Acquire & Implement Chief Information Officer Deliver, Service & Support Executive Director Evaluate, Direct & Monitor Enterprise Risk Management Information Access and Technology information Communications technology Information Management and Technology Information Access and Technology International Standard Organization Information Technology Key Performance Indicator Monitor Evaluate & Assess Service Level Agreement Strategic Leadership Team Victoria Government Whole of Victoria Government Appendix I

74 Appendix 6.2 Table of Figures & Tables Figures Figure 1: Current Operating Model Figure 2: Current Governance Design Framework Figure 3: Proposed Operating Model Figure 4: Proposed Operating Model Enabling Architecture Figure 5: IM&T Department initial proposed structure Figure 6 Escalation procedures Figure 7: Information Cycle Figure 8: Proposed ICT Governance Design Framework Figure 9 Strategic Alignment: Deliver Better Services Figure 10 Strategic Alignment: Improved Efficiency Figure 11 Strategic Alignment: Better Engagement Figure 12: COBIT 5 Process Reference Model In respect to VicRoads' Proposal... III Tables Table 1 Analysis and Evaluation of Current ICT Governance Table 2: Operating Model Detailed Analysis Table 3: Current Arrangements Matrix Table 4: Current ICT Governance Performance Measurement Table 5: Proposed Arrangements Table 6 Align, Plan & Organise Table 7 Build, Acquire & Implement Table 8 Deliver, Service & Support Table 9 Monitor, Evaluate & Assess Table 10 Evaluate, Direct & Monitor Table 11 KPI Examples Table 12 KPI Evaluative Criteria Measure Table 13 Report Specification Example Appendix II

75 Appendix 6.3 COBIT 5 process reference model used in VicRoads The COBIT 5 process reference model subdivides the governance and management processes of enterprise IT into two main areas of activity: Governance This domain contains five governance processes within each, Evaluate, Direct, Monitor (EDM) practices are defined. Management These four domains are in line with the responsibility areas of Plan, Build, Run and Monitor (PBRM) The diagram below shows the complete set of 37 governance and management processes within COBIT 5, highlighting ( ) those most relevant for VicRoads and therefore used in this report. Figure 12: COBIT 5 Process Reference Model In respect to VicRoads' Proposal *adaptation from (ISACA 2014) Appendix III