GOVERNANCE ANALYSIS USING ENTERPRISE ARCHITECTURE
By Clive Finkelstein [1], Managing Director
Information Engineering Services Pty Ltd
INTRODUCTION
A Practical Approach for Rapid Enterprise Compliance with Sarbanes-Oxley Driven IT and Business Governance Requirements.
A White Paper for Senior Management on Internal Control Reporting for Sarbanes-Oxley that utilizes:
- A Comprehensive Organizing Framework (Zachman Framework)
- Proven Methods and Tools (Enterprise Architecture)
- A Manageable Step-by-Step Governance Analysis Approach
EXECUTIVE SUMMARY [2]
The Sarbanes-Oxley Act of 2002 assigns personal responsibility to senior management of public and non-public organizations in the USA, and is also being applied in various forms by other countries throughout the world. Of particular concern is Section 404 of the Act, which relates to “Management Assessment of Internal Controls”.
Internal Controls will vary from enterprise to enterprise. They need to be tailored to the relevant industry (or industries) that the organization operates within; they are also typically unique for each enterprise. They are determined by its business activities and processes as well as its financial controls. They are closely related to the IT systems and databases that the enterprise uses for financial and other reporting.
Senior management need to show that answers are available in relation to key resources such as: data; business activities and processes; locations; people and business units; and events. Answers should be available that also show how resources relate to strategic and tactical business plans that have been defined by management. These are internal control questions that address: “What”; “How”; “Where”; “Who”; “When”; and “Why”.
These six questions are shown as columns in a matrix, where different perspectives of “Planner”, “Owner”, “Designer”, “Builder” and “Subcontractor” are also shown as rows. This is provided by the Zachman Framework for Enterprise Architecture. While Enterprise Architecture has previously been considered to be an IT responsibility, when it is also used by senior management it enables precise Governance Analysis. It also provides a Business Transformation Enablement capability.
With the legal implications of Sarbanes-Oxley non-compliance, an inability to answer internal control reporting audit questions takes on a new personal meaning for senior managers. A Governance Analysis Framework is needed – that is both easy to create, and easy to use – to obtain answers for relevant internal control reporting questions.
An example is discussed in the paper of a Governance Analysis Framework (GAF) that uses matrices to create and maintain relationships between aspects of an enterprise that enable each of these questions to be answered. Some of these matrices, from the Project Management Organization Unit of a typical enterprise, are illustrated in Figures 1 – 3.
Figure 1: Example of Matrix Relating Business Plans to Organization Units
Figure 2: Example of Matrix Relating Business Plans to the Data Supporting those Plans
Figure 3: Example of Matrix Relating Business Activities to Business Plans
The sample GAF matrices in Figures 1 – 3 clearly show the answers to each question by reading across relevant rows, or down particular columns. These matrices, plus many others, are tailored to each enterprise. They can be created in a 25-day Strategic Modeling project within an elapsed duration of 3 months, based on the Strategic Business Plans for the enterprise. This uses an initial facilitated session over two days with active participation of senior management and their direct reports, where a Strategic Map is developed.
A Strategic Map is a “picture of the business”, similar in concept to the layout of a city. A city map clearly shows the layout of streets (“where”) and the access routes that define “how” to get there. It also indicates “what” is located in parts of the city. Given a reason (“why”) to take a given route at a certain time (“when”), people (“who”) can use the map to navigate through any city.
What is missing in most enterprises is a similar “map (or picture) of the business”. A city map can be bought from newsagents in that city, but no newsagent sells Strategic Maps for enterprises. In the absence of a Strategic Map for an enterprise, it is hard to answer these questions. As a result, Internal Control Reporting is difficult.
A Strategic Map that is developed and tailored to an enterprise enables senior managers, as well as middle managers, expert business staff and IT staff to see the data, activities and processes, locations, business units and people, the business events and the business plans that all need to be managed effectively for internal control reporting. From the Strategic Map and underlying Strategic Model, the Governance Analysis Framework matrices become dynamic. They are automatically generated.
Given the Strategic Map input from the senior management team and their reports, more detailed analysis by the facilitator in the 25-day Strategic Modeling project period identifies key data, business activities, locations, business units, and business events for the business plans that were used as catalysts. The result of this analysis is documented in a Governance Analysis Framework (GAF) Report, which is the main deliverable from the Strategic Modeling project.
The GAF Report and its contents provide a documented view of tailored Internal Control Reporting from the strategic perspective for senior management. These dynamically-tailored matrices must then be completed by relevant business experts. The strategic GAF matrices are populated by more detailed matrices from key business units. These Tactical Modeling projects – each similar to the Strategic Modeling project – can in turn be undertaken for key business units.
Strategic Modeling projects and Tactical Modeling projects have been completed for large and medium Commercial enterprises throughout the world. Similar Strategic Modeling and Tactical Modeling projects for Government and Defense Departments have also been completed in the USA, Canada, Australia and NZ.
The methods discussed in the paper can be applied rapidly in 25 days, within an elapsed 3-month period, in a step-by-step approach as follows:
1. Establish Plan for Strategic Modeling Project
2. Capture Initial Business Planning Input as Catalyst
3. Conduct Strategic Modeling Facilitated Session
4. Carry out Strategic Model Analysis
5. Derive Governance Analysis Framework (GAF) Documentation
6. Review of GAF Matrices and Governance Implementation Plan
7. Progressive Enterprise Completion of GAF Matrices
8. Implementation of the Governance Implementation Portfolio
The GAF Reports produced from Strategic Modeling and Tactical Modeling projects provide the documentation and modeling tool capabilities that are needed for Internal Control Reporting for Sarbanes-Oxley. As an added by-product of the Governance Analysis Framework methods described in the paper, similar methods and tools can also be used to implement transformed business activities and processes for Business Transformation Enablement.
REFERENCES
[2] Governance Analysis using Enterprise Architecture is presented as part of a one-day seminar for senior management by Clive Finkelstein: “Strategic Business Transformation Planning”. This is Day 1 of the 5-day seminar “Successfully Implementing Enterprise Architecture”. Intervista Institute schedules these seminars regularly throughout North America. For a course description and schedule, visit the Intervista Institute web site at http://www.Intervista-Institute.com/.