Purpose:

Provides direction to solution and service delivery.

Objective:

Description:

Opportunity Generation, Capture & Analysis covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives. The realization of the strategic vision needs to be planned, communicated and managed for different perspectives. A proper organization as well as technological infrastructure should be put in place. This domain typically addresses the following management questions:

• • Are IT and the business strategy aligned?
  • Is the enterprise achieving optimum use of its resources?
  • Does everyone in the organization understand the IT objectives?
  • Are IT risks understood and being managed?
  • Is the quality of IT systems appropriate for business needs?

Entrance Criteria:

• <?>

Exit Criteria:

• <?>

Process and Procedures:

• Manage the IT Management Framework
• Manage Strategy
• Manage Enterprise Architecture
• Manage Innovation
• Manage Portfolio
• Manage Budget an Costs
• Manage Human Resources
• Manage Relationships
• Manage Service Agreements
• Manage Suppliers
• Manage Quality
• Manage Risk
• Manage Security

Tailoring Guidelines:

• None

Process Verification Record(s):

• <?>
  • Stored By: <?>

Measure(s):

• Percent of active policies, standards and other enablers documented and up to date
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Date of last updates to the framework and enablers
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of risk exposures due to inadequacies in the design of the control environment
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of staff who attended training or awareness sessions
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of third-party suppliers who have contracts defining control requirements
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of objectives in the IT strategy that support the enterprise strategy
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of enterprise objectives addressed in the IT strategy
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of initiatives in the IT strategy that are self-funding (financial benefits in excess of costs)
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Trends in ROI of initiatives included in the IT strategy
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Level of enterprise stakeholder satisfaction survey feedback on the IT strategy
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of projects in the IT project portfolio that can be directly traced back to the IT strategy
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of strategic enterprise objectives obtained as a result of strategic IT initiatives
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of new enterprise opportunities realized as a direct result of IT developments
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of IT initiatives/projects championed by business owners
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Achievement of measurable IT strategy outcomes part of staff performance goals
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Frequency of updates to the IT strategy communication plan
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of strategic initiatives with accountability assigned
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of exceptions to architecture standards and baselines applied for and granted
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Level of architecture customer feedback
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Project benefits realized that can be traced back to architecture involvement (e.g., cost reduction through re-use)
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of projects using enterprise architecture services
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Level of architecture customer feedback
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Date of last update to domain and/or federated architectures
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of identified gaps in models across enterprise, information, data, application and technology architecture domains
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Level of architecture customer feedback regarding quality of information provided
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of projects that utilize the framework and methodology to re-use defined components
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of people trained in the methodology and tool set
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of exceptions to architecture standards and baselines applied for and granted
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Increase in market share or competitiveness due to innovations
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Enterprise stakeholder perceptions and feedback on IT innovation
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of implemented initiatives that realize the envisioned benefits
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of implemented initiatives with a clear linkage to an enterprise objective
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Inclusion of innovation or emerging technology-related objectives in performance goals for relevant staff
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Stakeholder feedback and surveys
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Increase in market share or competitiveness due to innovations
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Enterprise stakeholder perceptions and feedback on IT innovation
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of implemented initiatives that realize the envisioned benefits
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of implemented initiatives with a clear linkage to an enterprise objective
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Inclusion of innovation or emerging technology-related objectives in performance goals for relevant staff
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Stakeholder feedback and surveys
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of IT investments that have traceability to the enterprise strategy
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Degree to which enterprise management is satisfied with IT’s contribution to the enterprise strategy
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Ratio between funds allocated and funds used
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Ratio between funds available and funds allocated
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of business units involved in the evaluation and prioritization process
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Level of satisfaction with the portfolio monitoring reports
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of changes from the investment program reflected in the relevant IT portfolios
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of investments where realized benefits have been measured and compared to the business case
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of service definitions and service catalogs
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Level of executive satisfaction with management decision making
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of decisions that could not be resolved within management structures and were escalated to governance structures
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of staff turnover
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Average duration of vacancies
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of IT posts vacant
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of alignment of IT services with enterprise business requirements
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Ratings of user and IT personnel satisfaction surveys
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Survey of business stakeholder technology level of awareness
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Inclusion rate of technology opportunities in investment proposals
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of alignment of IT services with enterprise business requirements
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Ratings of user and IT personnel satisfaction surveys
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Survey of business stakeholder technology level of awareness
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Inclusion rate of technology opportunities in investment proposals
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of business processes with undefined service agreements
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of live IT services covered by service agreement
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of customers satisfied that service delivery meets agreed-on levels
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number and severity of service breaches
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of services being monitored to service levels
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of service targets being met
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of suppliers meeting agreed-on requirements
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of service breaches to IT-related services caused by suppliers
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of risk-related events leading to service incidents
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Frequency of risk management sessions with supplier
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of risk-related incidents resolved acceptably (time and cost)
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of supplier review meetings • Number of formal disputes with suppliers
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of disputes resolved amicably in a reasonable time frame
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Average stakeholder satisfaction rating with solutions and services
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of stakeholders satisfied with IT quality
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of services with a formal quality management plan
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of projects reviewed that meet target quality goals and objectives
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of solutions and services delivered with formal certification
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of defects uncovered prior to production
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of processes with a defined quality requirement
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of processes with a formal quality assessment report
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of SLAs that include quality acceptance criteria
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Degree of visibility and recognition in the current environment
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of loss events with key characteristics captured in repositories
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of audits, events and trends captured in repositories
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of key business processes included in the risk profile
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Completeness of attributes and values in the risk profile
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of risk management proposals rejected due to lack of consideration of other related risk
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of significant incidents not identified and included in the risk management portfolio
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Percent of IT risk action plans executed as designed
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of measures not reducing residual risk
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of key security roles clearly defined
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of security related incidents
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Level of stakeholder satisfaction with the security plan throughout the enterprise
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of security solutions deviating from the plan
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of security solutions deviating from the enterprise architecture
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of services with confirmed alignment to the security plan
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of security incidents caused by non-adherence to the security plan
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>
• Number of solutions developed with confirmed alignment to the security plan
  • Maintained By: <?>
  • Submitted By: <?>
  • Frequency of Submission: <?>

References & Related Standards:

• ISO/IEC 9001:2008
• ISO/IEC 20000
  • 3.1 Management responsibility
  • 4.0 Planning and implementing service management
  • 4.4 Continual improvement
  • 5.0 Planning and implementing new or changed services
  • 6.1 Service level management
  • 6.4 Budgeting and accounting for IT services
  • 7.2 Business relationship management
  • 7.3 Supplier management
• ISO/IEC 27001:2005
  • Information security management systems – Requirements, Section 4
• ISO/IEC 27002
  • 6. Organisation of Information Security
  • 8. Human Resources Security
• ISO/IEC 31000
  • 6. Processes for Managing Risk
• ITIL V3 2011
  • Continual Service Improvement, 4.1 The 7-Step Improvement Process
  • Service Strategy, 4.1 Strategy Management for IT Services
  • Service Strategy, 4.2 Strategy Portfolio Management
  • Service Strategy, 4.2 Service Portfolio Management
  • Service Strategy, 4.2 Service Catalog Management
  • Service Strategy, 4.2 Service Level Management
  • Service Strategy, 4.3 Financial Management of IT Services
  • Service Strategy, 4.4 Demand Management
  • Service Strategy, 4.5 Business Relationship Management
  • Service Design, 4.8 Supplier Management
• Skills Framework for the Information Age (SFIA)
• TOGAF 9
  • At the core of TOGAF is the Architecture Development Method (ADM), which maps to the COBIT 5 practices of developing an architecture vision (ADM Phase A), defining reference architectures (ADM Phases B,C,D), selecting opportunities and solutions (ADM Phase E), and defining architecture implementation (ADM Phases F, G). A number of TOGAF components map to the COBIT 5 practice of providing enterprise architecture services. These include ADM Requirements Management, Architecture Principles, Stakeholder Management, Business Transformation Readiness Assessment, Risk Management, Capability-Based Planning, Architecture Compliance and Architecture Contracts.
• National Institute of Standards and Technology (NIST) SP800-53 Rev 1
  • Recommended Security Controls for USA Federal Information Systems
• Project Management Body of Knowledge (PMBOK)