Queensland Government Enterprise Architecture

OFFICIAL: Public

Current state: Enterprise architecture assessmentDigital and ICT strategic planning framework

Final

October 2018

v1.0.0

OFFICIAL - Public

OFFICIAL: Public

QGEA OFFICIAL - Public Current state: enterprise architecture assessment

Document details

Security classification OFFICIAL - Public

Date of review of security classification

October 2018

Authority Queensland Government Chief Information Officer

Author Queensland Government Chief Information Office

Documentation status Working draft Consultation release Final version

Contact for enquiries and proposed changesAll enquiries regarding this document should be directed in the first instance to:

Queensland Government Chief Information Officeqgcio@qgcio.qld.gov.au

AcknowledgementsThis version of the Digital and ICT strategic planning framework was developed and updated by Queensland Government Chief Information Office.

Feedback was also received from a number of agencies, which was greatly appreciated.

CopyrightDigital and ICT strategic planning framework

© The State of Queensland (Queensland Government Chief Information Office) 2018

Licence

This work is licensed under a Creative Commons Attribution 4.0 International licence. To view the terms of this licence, visit http://creativecommons.org/licenses/by/4.0/. For permissions beyond the scope of this licence, contact qgcio@qgcio.qld.gov.au.

To attribute this material, cite the Queensland Government Chief Information Office.

The licence does not apply to any branding or images.

Information securityThis document has been security classified using the Queensland Government Information Security Classification Framework (QGISCF) as OFFICIAL - Public and will be managed according to the requirements of the QGISCF.

Final | v1.0.0 | October 2018 Page OFFICIAL – Public

OFFICIAL: Public

QGEA OFFICIAL - Public Current state: enterprise architecture assessment

PurposeAssessment of business services, information, application and technologies from a planning perspective provides a consistent method for scoring and analysing business impact, condition and future business value. Assessments are used to create grid models. Depending on where elements within a layer of an enterprise architecture fall on a grid model, specific strategies and actions can be considered during planning regarding short and longer-term management of those elements.

Each assessment examines business, user, functional or technical aspects of a service, information asset, application or technology to measure the potential to deliver current and future benefit and satisfy business needs. Assessment identifies the value to the organisation, risk, maintainability and performance.

Based on results of assessments, several corrective actions can be proposed that can be carried forward to the planning activities with the business representatives.

It should be noted some assessments are required for whole-of-government reporting purposes.

Final | v1.0.0 | October 2018 Page OFFICIAL – Public

Assessment assists the practitioner and business representatives engaged in planning to understand the risk, potential to deliver future benefit and comparative cost of services, information, applications and technologies within the current environment.

The Queensland Government ICT Profiling standard further outlines the minimum requirements for the assessment of information, applications and technology.

OFFICIAL: Public

QGEA OFFICIAL - Public Current state: enterprise architecture assessment

AudienceA practitioner in the context of this guideline can include one or more of the following roles:

Enterprise architects Digital and ICT strategic planners Agency and service strategic planners Business analysts.

AssessmentBefore conducting any assessment activities, the practitioner should engage with the business planning unit, the enterprise architecture unit or other business stakeholders within the organisation to identify which elements relevant to the planning engagement may have already been assessed. For example, the organisation may have already identified applications and technologies that are considered to be high risk.

It may not be possible to effectively assess all the elements as part of the planning engagement. The practitioner may need to negotiate the scope of the assessments conducted with the planning sponsor. Recommended options include:

reduce the scope of assessments conducted (e.g. assess only the business impact and condition)

reduce the scope elements assessed (it may be sufficient to assess only applications and technologies)

reduce the scope of elements assessed based on characteristic of that element (e.g. assess only applications and technologies above $X annual cost of operation or assess only applications where the business impact of the service supported is Extreme or High).

Assessments can be modified to suit specific agency requirements provided the criteria assessed are relevant to both the elements being assessed and the nature of the assessment. Assessments should also be applied consistently across the same elements in a portfolio.

Assessments should only be conducted once the practitioner is satisfied all relevant elements have been gathered and documented in the relevant registers including:

Business service register Business process register Information assets and services register

Final | v1.0.0 | October 2018 Page OFFICIAL – Public

The assessments and related grid models are intended for planning purposes. They provide a consistent set of criteria against which the business can score and compare the business, user, functional or technical aspects of a service, information, application or technology asset/service. They are not substitutes for formal risk assessments for example, and the results require further investigation.

OFFICIAL: Public

QGEA OFFICIAL - Public Current state: enterprise architecture assessment

Application assets and services register Technology assets and services register.

Assessments are best conducted using surveys, interviews or workshops with representatives from the business as well as application and information asset experts and support staff.

The assessment of value to the organisation, risk, maintainability and performance are determined through scoring information assets, applications and technologies against criteria relating to business impact, future business value and condition. Table 1 below defines each assessment in more detail.

Assessment Definition

Business impact Business impact is the significance of a business service, information, application or technology asset/service to the business in terms of the impact of failure, scope of usage, coverage and support to the business in meeting its operational and service delivery requirements.

Future business value Future business value refers to the capacity of a business service, information, application to technology asset/service to support future business strategies and objectives of the organisation. The objective is to assess the potential to deliver future benefits and contribute toward growth and improved service delivery.

Condition Condition is a measure of the performance of a business service, information, application or technology asset/service in terms of its access, currency, maintainability, compliance and alignment with better practices.

Table 1 - Definition of Business impact, Future business value and Condition

The assessments of business impact, future business value and condition are made using a similar approach, scoring a number of dimensions relevant to business impact, future business value and condition on a simple 0-5 rating scale. The results are averaged to produce a final 0-5 score. This approach is less subjective than simply asking a business or technical representative to rate an element out of 5, but can still be completed relatively quickly. The dimensions used and the rating guidelines are also designed to be readily understood by both technical and business people. In most cases, it is best to have business people rate some dimensions, and technical people others.

The figure below describes the assessment criteria for each of the service information asset, application and technology assessments.

Final | v1.0.0 | October 2018 Page OFFICIAL – Public

OFFICIAL: Public

QGEA OFFICIAL - Public Current state: enterprise architecture assessment

Figure 1 - Assessment criteria

Scaled costA fourth dimension of scaled cost can also be added. Scalable cost assessment provides a simple means of turning a cost of operation dollar amount into a rating from 0 to 5. By indicating a high annual estimated cost of operation (unique to the organisation) representing a scaled cost of (5), it is possible to calculate ranges of values that would result in a scaled cost rating of between (1) and (5). In the example below, the high annual estimated cost of operation for the organisation would be $250,000.

Final | v1.0.0 | October 2018 Page OFFICIAL – Public

Tools to assist with the assessment of business impact, future business value and condiction are provided in the Resources section of this guideline.

OFFICIAL: Public

QGEA OFFICIAL - Public Current state: enterprise architecture assessment

Total Cost of Operation Range Rating

$2,500 - $7,900 1

$7,900 to $25,000 2

$25,000 to $79,000 3

$79,000 to $250,000 4

$250,000 and above 5

Figure 2 – Sample scaled cost ranges

Using the example above, an element with an annual estimated cost of operation of $30,000 would be given a scaled cost assessment of 3. This enables comparisons to be made more easily between the cost of assets in the same portfolio.

Asset lifecycleAssessing the age of assets and services and when they are due for replacement or renewal is also useful analysis. This is particularly useful when assessing application and technology assets and services.

If both the estimated replacement or renewal date and the estimated cost of replacement or renewal have been captured, simple graphs can be produced of the estimated number of elements to be replaced or renewed within specified periods of time (e.g. 1 year, 3 years and 5 years).

In many cases information assets, applications and technologies may already be past the estimated replacement date. It is also possible to graph how long assets are being used beyond their expected replacement date and whether this may represent a risk to the agency.

AnalysisGrid models can be applied to determine the actions to be undertaken by the agency in relation to its ICT portfolios. The grid models are a visual method for understanding the current and future positioning of services, information assets, applications and technologies.

Final | v1.0.0 | October 2018 Page OFFICIAL – Public

A tool to assist with the scaling of estimated cost of operations is provided in the Resources section of this guideline.

OFFICIAL: Public

QGEA OFFICIAL - Public Current state: enterprise architecture assessment

It is also a method for applying an objective process for planning the future evolution of these assets and services based on recommended management strategies. Each grid model captures information about an agency’s ICT assets and services according to a combination of characteristics of business impact, future business value, technical condition and scaled cost.

As an example, three different grid models can be used to assess the current and future position of ICT assets in relation to the rest of the portfolio including:

Business exposure (Business impact vs Technical condition) Performance (Business impact vs Scaled Cost of operation) Attractiveness (Future business value vs Technical condition).

The Business exposure grid model provides an indication of the current risk and performance of a service, information asset, application or technology.

The Performance grid model assesses the performance of assets and services relative to other assets and services in the same portfolio based on the importance to the business (business impact) versus the scaled total cost of delivering and maintaining the asset or service. This in turn gives an indication of the ‘reasonableness’ of the overall cost.

The Attractiveness grid model assesses the contribution the asset or service will make to the strategic priorities and objectives of the organisation by comparing the capability of the element to deliver future benefits and business changes against its current condition.

The grid models are an effective method of conveying the current state of services, information, applications and technologies at commencement of digital and ICT planning workshops.

The grid models can be used to assist the practitioner to determine appropriate strategies regarding the current state that can be carried forward to the planning engagement. Particularly in relation to strategies for optimising the portfolio of information assets, applications and technologies.

Final | v1.0.0 | October 2018 Page OFFICIAL – Public

When combined with the estimated cost of operation as the size of the bubble on a model for example, the resulting model and analysis is a meaningful method of portraying the current state to the planning sponsor and the business.

Sample grid models are provided in the Resources section of this guideline.

OFFICIAL: Public

QGEA OFFICIAL - Public Current state: enterprise architecture assessment

Analysis and determination of the management strategies from the grid models should be conducted in conjunction with the replacement and renewal of information as well as the current work plan. This will identify any actions or initiatives that are either proposed, planned or in-train that may deliver on the recommendations highlighted from the grid models.

Next stepsOnce the grid models and analysis have been conducted, the results can be presented back to the planning sponsor as well as the business representatives as part of the planning workshops conducted as part of the planning engagement.

It may be appropriate to suggest recommended management strategies that should be considered when developing the digital or ICT strategy or plan document.

Alternatively, some recommendations may need to be carried forward into operational planning activities.

Resources

Resource Link

ICT resources profiling tool

https://www.qgcio.qld.gov.au/services/analytics-and-research/ICT-profiling-templates

Grid model samples https://www.qgcio.qld.gov.au/services/analytics-and-research/ICT-profiling-templates

ICT planning methodology workbook

https://www.qgcio.qld.gov.au/knowledge-base/ict-planning-workbook-knowledge-base

Grid model strategies Nil

Final | v1.0.0 | October 2018 Page OFFICIAL – Public

Strategies relating to the grid models are provided in the resources section of this guideline.