Critical Very/Highly Important/Valuable Somewhat None/Not at all
A. GENERAL
a How important is the Office of the CIO concept to you?
b How important is the inclusion of operational roles below that of CIO in the framework?
b.1 Please elaborate on your response to b above, i.e. why do you see value in the inclusion of these roles or why do you believe they should be excluded?
They are responsible for execution and demand management
c How important is the role of an IT financial manager?
c.1 Should the IT financial manager role be permanent or merely an allocated responsibility? Please tick one option.
c.1.1 Permanent c.1.2 Allocated
d How important is the role of an IT risk officer?
d.1 Should the IT risk officer role be permanent or merely an allocated responsibility?
d.1.1 Permanent d.1.2 Allocated
How important is the role of the:
e Applications manager?
f Technical manager?
g IT operations manager?
h How important is it to segregate IT operations and technical manager roles?
i Who should be responsible for IT service support? Please tick one
i.1 Applications manager
i.2 Technical manager
i.3 Operations manager
i.4 A dedicated IT service support manager reporting to the technical manager role
i.5 A dedicated IT service support manager reporting to the operations manager
j Who should be responsible for IT service delivery? Please tick one
j.1 Applications manager
j.2 Technical manager
j.3 Operations manager
j.4 A dedicated IT service delivery manager reporting to the technical manager role
j.5 A dedicated IT service delivery manager reporting to the operations manager role
k Do you believe an IT governance framework should be prescriptive on whether a centralised, federated or hybrid IT organisational model should be adopted? Please tick “yes” or “no”
k.1 Yes
k.1.1 If “yes”, please elaborate on your thinking
The specific model selected will influence the control framework
k.2 No
l How important is vendor management to an IT governance framework?
m Which of the following options do you prefer for IT procurement? Please tick one
m.1 IT procurement should be a normal part of the corporate procurement process
m.2 IT procurement should be a process independent of the corporate procurement process
n Which of the following options do you prefer (please tick one) for IT vendor management?
n.1 IT procurement should be a normal part of the corporate procurement process but IT vendor management should be separate from the corporate function
n.2 IT procurement and IT vendor management should be separate from the corporate function and procurement processes
o How important is the role of an IT Steering Committee in your organisation?
p How important is the role of an IT Strategy Committee in your organisation?
q Would you prefer to have separate IT Strategy and Steering Committees or combine them? Please tick one option.
q.1 Separate q.2 Combined
r How important is it to have a formal chief technology officer role?
s How important is it to segregate the chief technology officer role from that of the CIO and other IT roles?
Practices
t How important is implementing the IT governance chapter of the King III Code of Corporate Governance to your IT governance objectives?
u How important is implementing the concepts of the ISO/IEC38500 IT governance standard to your IT governance objectives?
B. STRATEGIC ALIGNMENT
IT Goals and Objectives
How often should you revisit your IT strategy and re-align it to the corporate strategy? Please tick one
a Annually
b Annually, with an update halfway through the year
c Every third year
d Every third year, with annual updates
e A different frequency from the above – please specify
Enterprise Architecture
Which of the following statements do you agree with? Please tick each option you agree with
f Enterprise architecture is a business rather than IT function
g The business architecture belongs to business, the remaining architecture layers belong to the IT function
h Enterprise architecture should be closely linked to the corporate strategy function, to translate strategy to action
i How important is the role of a dedicated enterprise architect in your organisation?
j How important is the role of an enterprise architecture forum to your organisation?
k It is important to align IT services to the IT strategy on an ongoing basis
Practices
How important is each of the following to practising sound IT governance?
l Following TOGAF as a desirable practice
m Following an enterprise architecture methodology, regardless of the adopted practice
n Integration between enterprise architecture and corporate strategy
C. VALUE DELIVERY
How important is each of the following to sound value delivery in your organisation?
a Having an enterprise PMO that also handles IT projects
b Having an IT PMO, regardless of whether an enterprise PMO exists or not
c Including IT portfolio management in enterprise portfolio management
d Practising IT portfolio management, regardless of whether enterprise portfolio management is practised or not
e Practising IT service portfolio management to ensure continual alignment of services to the organisational strategy
f Following the development of ValIT and implementing the framework once it has matured sufficiently
g Following a formal project management methodology
h Practising formal service level management
Practices
How important is each of the following to practising sound IT governance in your organisation?
i Following Prince2 as a project management method
j Following PMBOK as the underlying project management philosophy, regardless of what other methodologies are used
k Having any formal project management methodology, regardless of whether it is Prince2 or another
l Monitoring the development of ValIT as a value management practice, in order to consider its adoption once it has matured sufficiently
D. RESOURCE MANAGEMENT
How important is each of the following to sound IT resource management in your organisation?
a Adhering to corporate resource management processes, as part of practising IT governance
b Implementing formal IT service support and service delivery processes
c Implementing a dedicated help desk or service desk to facilitate effective IT service management
Practices
How important is each of the following to practising sound IT governance in your organisation?
d Using ITIL as the underlying practice for structuring IT services, support and delivery
e Implementing formal software asset management to manage the software lifecycle
E. RISK MANAGEMENT
How important is each of the following to sound IT risk management in your organisation?
a Integrating IT risk management with the operational risk management component of enterprise risk management (ERM)
b Maintaining an IT risk management function in IT, rather than having it as part of ERM
c Having formally identified, categorised and classified information assets
d Performing annual IT risk assessments, with six-monthly follow up
e Having a formal information security management function in IT
f Having a formal information security management function that is segregated from IT, i.e. as a business function
g Having a formally assigned IT security officer role, allocated to a person in IT
h Having a formally assigned IT security officer role, allocated to a person outside IT
i Having a full-time information security officer
Practices
How important is each of the following to practising sound IT governance in your organisation?
j Using ISO/IEC27000 as the basis for managing information security
k Basing the IT control environment on COBIT
l Formalising IT processes, policies, procedures and standards
m Implementing a formal IT control framework
n Monitoring the development of Risk IT as a risk management practice, in order to consider its adoption once it has matured sufficiently
F. PERFORMANCE MEASUREMENT
Performance Measurement Mechanism
Which of the following statements do you agree with? Please tick one
a It is important to implement an IT balanced scorecard
b It is important to implement any performance management practice, whether in the form of a balanced scorecard or not
G. CONCLUSION
a Are there other desirable IT governance practices not mentioned above that would be required by your organisation? If so, please list them:
b Are there other IT governance structures or roles not mentioned above that would be required by your organisation? If so, please list them:
c Are there other IT governance mechanisms not mentioned above that would be required by your organisation? If so, please list them:
d What do you consider to be the key requirements for sustainability in the IT context? Please explain