revision history - welcome to etenderpublication | … · web viewit is recommended that the...

DWSSchedule 2 : Extracts from DWS Master Systems Plan

SCHEDULE 2

DWS MASTER SYSTEMS PLAN – EXTRACTS

EXECUTIVE SUMMARY OF THE IT STRATEGY AND DIRECTION

For

DEPARTMENT OF WATER AND SANITATION

______________________________________________________________________________________________DWS CONFIDENTIAL Page i of iv


Table of Contents1.0 Introduction.......................................................................................12.0 Executive Summary..........................................................................23.0 Business Strategic Context..............................................................64.0 The Case for IT Change at DWS.......................................................85.0 IT Principles.....................................................................................106.0 Influences.........................................................................................117.0 Business / IT Alignment..................................................................131. Programme of Work to Address the Gaps.......................147.1 IT Operating Model...................................................................147.1.1.1 Define and formalise the IT operating model..........147.2 ICT Governance...........................................................................157.2.1.1 CGICT implementation based on COBIT 4..................167.2.1.2 COBIT 5 Implementation...................................................167.2.1.3 CGICT alignment..................................................................177.2.1.4 Policies and procedures....................................................18Table 7: Proposed Policy Implementation Framework........207.3 Enterprise Architecture (EA).................................................217.4 Network Optimisation..............................................................22a) Phase 1: Discovery Phase: This phase entails

unpacking the Departments current network architecture to determine whether or not the performance still addresses the existing needs of the Department and it comprises of the following key activities.......................................................................................22

► Collection of network performance statistics for a defined period to gain understanding of the current performance levels against expectation.........................22

► Conducting interviews with business to establish the existing network capability meets users’ requirements and with technical functions to gather

______________________________________________________________________________________________DWS CONFIDENTIAL Page ii of iv


information on the complexity of the network as well as a view on performance measurement and support...........................................................................................................22

b) Phase 2: Gap analysis: The collected data is used to define a current network state. Leading practice in this area is identified and a comparative analysis is done to highlight areas of potential improvement. This informs the ‘To-Be’ architecture...............................22

c) Phase 3. Business Case Development: Initiatives are prioritised to enhance the performance based on identified gaps and newly identified business needs. This phase must deliver an implementation plan and roadmap for optimisation of the network.......................22

The following are key considerations for DWS:......................227.5 IT Infrastructure Refurbishment..........................................227.6 Application Rationalisation....................................................237.7 Business Process Management............................................247.8 Business Intelligence (BI).......................................................267.9 Document Management..........................................................277.10Disaster Recovery and Business Continuity Planning 28Table 8: BCP/DRP deliverables......................................................298 Risks................................................................................................309 Prioritisation of Initiatives.....................................................3110 Implementation Roadmap...........................................................33

______________________________________________________________________________________________DWS CONFIDENTIAL Page iii of iv


List of TablesFigure 1: ICT Planning Process............................................................................................5Figure 1. Figure 15: Government ICT house of values.................................................31

______________________________________________________________________________________________DWS CONFIDENTIAL Page iv of iv


1.0 IntroductionThis document is an extract of section from a full document named Department of Water and Sanitation Master Systems Plan 2013 (main document). The purpose of these extracts is to provide the respondents to the bid with an overview of the IT Strategy and Direction which the Department wishes to implement. It also serves to provide a better understanding of the Departments’ IT Services requirements.

These extracts might contain references to other documents, namely, Annexures (and others), which have not been included in the tender documentation pack. In view of the confidential nature of some of the information contained in the main MSP document, such document will be made available, on request, to the respondents, who made the shortlist.

The headings below, refer to the headings within the MSP main document (the numbering of the sections, however differs from the MSP main document and this extracts document).

______________________________________________________________________________________________DWS CONFIDENTIAL Page 1 of 72


2.0 Executive SummaryThe Department has defined a strategic plan which maps out its strategic objectives in support of fulfilling the Government’s priorities. One of the goals of the Department of Water and Sanitation (DWS) is to become an efficient, effective and development oriented sector leader.

The use of Information and Communication Technology (ICT) has increasingly become fundamental in aiding organisations including government Departments to meet their strategic objectives. Additionally, users are becoming more technology savvy and have access to faster and better technologies and they are therefore demanding better technology and faster networks at the work place in order to execute their functions. That notwithstanding, the use of information and communication technology needs to be adequately governed in order for organisations to realise their return on investment and also enforce security and control.

In light of the above, the Office of the Chief Information Officer (CIO) at the Department has developed a Master Systems Plan (MSP) to achieve the following goals:

► Enable the Department to meet its strategic objectives through implementing programmes that are aligned to the Department’s strategic goals;

► Build capacity and capability within the Office of the CIO that will adequately support the Department and also embed governance structures that will guide the responsible use of ICT; and

► Become economically and financially sustainable through the efficient and effective use of ICT.

The approach followed in developing this MSP can be depicted in the diagram below:

Figure 1: MSP Development Approach

The Department’s strategic objectives drive the IT needs which are determined by engaging the business and ICT stakeholders to understand the business environment, current issues with ICT and the current ICT needs of the business. This MSP seeks to align to the Department’s four strategic outcomes listed below:

► Efficient, effective and development oriented sector leadership;► Equitable and sustainable provision of raw water;



► Provision of equitable and sustainable water services of acceptable quantity and quality; and

► Protection of freshwater ecosystems.

Through engagement with business and IT stakeholders, together with reviewing current documentation, several issues emerged. These issues were classified into key themes which gave rise to the key IT needs that this MSP seeks to address in order to align to DWS’s strategic objectives. These issues which drive a case for change at ICT are listed below:

a) Misalignment of IT and business strategy – inadequate interaction between business and the Office of the CIO, OCIO’s limited business knowledge of the Department and a more operational than transformational ICT unit have been cited as some of the key issues. As a result, the OCIO has been deemed to inadequately support the business due to lack of understanding business requirements and therefore cannot be seen as a strategic partner to the Department.

b) Lack of IT governance and control – a lack of key guiding ICT principles, key standards and a project office has resulted in a weak controls environment and the Department’s inability to have a single view of ICT investments.

c) Limited IT capability and capacity – the Office of the CIO lacks key internal capability to execute functions including IT portfolio management, business analysis and to implement mature enterprise architecture. This has resulted in delays in project delivery, overdependence on IT vendors and insufficient business engagement around business value, prioritisation and funding.

d) Lack of robust, standardised infrastructure capability – insufficient connectivity and lack of standardised IT infrastructure across the DWS has impacted daily operations especially at remote locations and has also resulted in increased time and costs of managing IT infrastructure.

e) Lack of application integration & information management – several applications that are not integrated which also run on different technology platforms have led to an inability of the Department to share information which has also seen a lot of duplication in terms of directorates obtaining the same information from the same stakeholder groups.

In the development of this MSP, it is important that we also take cognisance of the influences, both internal and external which have an impact on what choices ICT at the Department has to make. The following have been noted as key influences that impact how ICT at DWS runs:

► Regulatory – The Office of the CIO is required to comply with regulations set out by different bodies e.g. the DPSA in terms of implementing governance, Government Wide Enterprise Architecture (GWEA) for Enterprise Architecture and the State Information Technology Act, when procuring IT goods and services.

► Emerging technology trends – current and emerging technology trends such as mobility and cloud coupled with technology savvy user base influences the choices that the Office of the CIO makes in serving the needs of the Department.

► Scientific nature of the Department – the scientific nature of Department demands an ICT capability that has a good understanding of the business needs and is able to translate these to IT systems which can enable the Department to execute its functions effectively.

The Office of the CIO has adopted a set of guiding principles which will enable it to effectively run ICT operations at the Department and position it as a strategic enabler. These are:

a) IT Principle 1: Infrastructure optimisation - An optimised and secure IT infrastructure landscape helps align IT to the Department’s strategy, it enhances the value of IT and improves cost of effectiveness through standardisation.



b) IT Principle 2: Disciplined investments - following a disciplined approach to making and managing IT investment decisions can help the Department not only reduce costs, but also prioritise IT initiatives across DWS to maximise total business value. This will be characterised by:► Measuring attained business value ► Ensuring appropriate business sponsorship and involvement in IT projects ► Considering total cost of ownership over the expected life of the solution

c) IT Principle 3: Partnership, collaboration and investment in people - ICT will partner with the business, service providers and authorities as required ensuring IT delivery works as a strategic enabler. Information Services leadership promotes people development to enhance and acquire necessary skills in order to enhance service delivery.

d) IT Principle 4: Design for integration - Moving towards a more integrated approach of IT applications will enable cross-business unit integration, shared or reusable processing, sharing of information and management and reduce duplication across DWS. This will increase efficiency and result in cost savings.

e) IT Principle 5: IT Governance - ICT at the Department is guided by a clear set of frameworks, policies, procedures, standards and guidelines that promote an efficient IT environment and at the same time reduce complexity, facilitate compliance, manages IT related risks and reduce costs.

f) IT Principle 6: Stable and consistent IT service delivery – the Office of the CIO ensures that the ICT environment is stable and delivers consistent services by improving and maintaining service delivery management, operational performance and sourcing management.

The Office of the CIO will embark on the following ten strategic initiatives described below in order to meet the IT needs mentioned earlier:

a) IT operating model – The Office of the CIO will define an IT operating model with insourced and outsourced capabilities that will enable it to adequately support the DWS.

b) IT governance – Implement a sound ICT governance framework based on COBIT 5 to create the environment and structures that will ensure stakeholders are adequately engaged and ICT is run effectively and in a transparent manner.

c) Enterprise Architecture – ICT will be built on approved Enterprise Architecture standards as guided by the Government Wide Enterprise Architecture (GWEA) framework.

d) Application rationalisation–The Office of the CIO will embark on application rationalisation which will entail reshuffling of the current application portfolio by consolidating and improving the ways in which IT systems are used thereby reducing complexity and increasing flexibility.

e) Network optimisation – Streamline the network in order to extract maximum benefits whilst reducing operational costs.

f) IT Infrastructure refurbishment / revitalisation –This initiative is aimed at revitalising the IT infrastructure at DWS by upgrading old infrastructure, rationalising through the identification of opportunities for consolidation, transformation and/or expiration of the IT infrastructure and making new infrastructure investments.

g) Document management – This initiative was recommended in the previous MSP. The objective of a Document Management system is to assist the Department with storing and managing of documents and objects in electronic form to ensure ease of retrieval and document sharing.

h) Business process management - Business Process Management (BPM) is the discipline of managing processes as the means for improving business performance



outcomes and operational agility. Processes span organisational boundaries, linking together people, information flows, systems and other assets to create and deliver value to customers and constituents.

i) Business intelligence - BI is a set of methodologies, processes, architectures, and technologies that transform raw data into meaningful and useful information used to enable more effective strategic, tactical, and operational insight and decision-making. There is currently an inflight project, NIWIS, to implement BI.

j) Business Continuity / Disaster Recover Planning – This initiative will enable the Office of the CIO to develop and test plans that will ensure that the Department is able to restore operations in the event of a disaster.

The following risks have been identified if this MSP is not implemented:► Lack of IT alignment to business resulting to IT running initiatives that do not

support the Department;► There is an increased risk that the Department might not be able to meet its

stakeholders’ needs in the event of a disaster;► The Office of the CIO runs the risk of running a complex and cost ineffective unit

due to the need to increase capacity to manage the infrastructure;► There is a risk to the Department’s data integrity impacting decision making if

adequate data and information management policies and procedures are not enforced; and

► The Office of the CIO may not be able to adequately support the Department if the required capacity and capability is not developed.



3.0 Business Strategic ContextThe South African Department of Water and Sanitation prepared and signed off a strategic plan for the years 2013/14 – 2017/18 in March 2013. This plan clearly articulates the strategic direction the Department is required to take.

The Department’s legislative mandate is to ensure the country’s water resources are protected, managed, used, developed, conserved, controlled and regulated to support the delivery of water supply and sanitation in accordance with the requirements of the policies of the Water Services Act of 1997 (Act No 108, 1997) and National Water Act, 1998 (Act No 36, 1998). The Department’s core functions are:

► Policy formulation;► Water resources planning and management;► Water resources infrastructure development;► Capacity building;► Inter-governmental and intra-sectorial co-ordination;► Water services support; and► Water resources and water services regulation.

The Department of Water and Sanitation is experiencing a set of emerging and persistent issues which are the drivers for their business strategy. The main drivers of the business strategy are:

► Water supply is running low with approximately 98% of the available supply in use;► Usable water is being wasted - 37% of our clean and usable water is being wasted

due to dripping taps and leaking pipes;► Water sanitation is a concern - almost 40% of the country’s waste water treatment is

in a “critical state”; and► Hazardous waste is a threat: Pollution is a huge threat to South Africa’s water supply

with only 5% of hazardous waste being disposed of in the correct way.

To this end the Department has identified 4 outcome-based goals which are guided by its mandate.

Table 1: DWS Strategic ObjectivesStrategic Outcome Oriented Goals Strategic Objectives

Efficient, effective and development oriented sector leadership

Improve and increase the skills pool and build competencies in the Department and within the sectorEffective and efficient internal control environmentImplement programmes that create job opportunitiesImprove water resources and water services informationCoordinate regional and global water services informationEnsure effective performance of water management and services institutions

Equitable and sustainable provision of raw waterEnsure the availability of access to water supply for environment and socio economic useImprove equity and efficiency in water



allocationStrengthen and implement strategies for water management in the countryImprove water use efficiency

Provision of equitable and sustainable water services of acceptable quantity and quality

Ensure compliance to water legislationSupport the water sector

Protection of freshwater ecosystemsEnsure compliance to water legislationImprove the protection of water resources and ensure their sustainability

It is imperative that the Department has an ICT strategy or a Master Systems Plan (MSP) that can effectively support the business strategy.



4.0 The Case for IT Change at DWSFor the Department to realise its vision of giving all people living in South Africa access to adequate, safe, appropriate and affordable water and sanitation; and to meet its strategic objectives as stated above, it requires its IT capability to be an effective and efficient strategic enabler.

In this Information age, government institutions are looking at optimising their IT investment in order to take on the many opportunities of value creation, cost minimisation and becoming high performing organisations. Furthermore, the Department views information as a strategic resource to support its decision-making process. The availability of high quality information is a key need within the Department.

From the interactions with different stakeholders within the Department, it was gathered that the Office of the CIO is currently perceived as a support function that ensures operations run as they should and is currently very effective at keeping “the lights on” from an operations point of view. However, there are key issues, tabled below, that are currently hindering the Office of the CIO from adequately supporting the Department making it difficult for the Department to fulfil its mandate. This MSP should be read together with the “AS – IS” report in order to understand the current state.

Table 2: IT needsNo.

Emerging Themes

Issues Implications

1 Misalignment of IT and business strategy

► Inadequate interaction between business and the Office of the CIO

► Inadequate representation of business interests since Portfolio Managers meetings are no longer taking place

► The Office of the CIO’s priorities are not always aligned to the Departmental initiatives

► The Office of the CIO’s limited business knowledge

► The ICT outsourcing contract was negotiated without business involvement

► The Office of the CIO focuses more on IT operations and not business transformation

► There is lack of clear business leadership and sponsorship for IT initiatives to realise targets

► Inability to support business adequately

► Inability to understand business requirements

► Business does not have faith in capabilities of the Office of the CIO

► Business does not see IT as a strategic partner or seeing value in investing in IT



No.

Emerging Themes

Issues Implications

2 Lack of IT governance and control

► The Office of the CIO lacks a systems development life cycle (SDLC) methodology

► The Office of the CIO lacks a project office to govern and quality assure ICT projects

► There are no IT principles guiding the direction of the Office of the CIO

► The Office of the CIO has not defined hardware and software standards to ensure an IT environment that is stable and standardised

► Inefficient monitoring and evaluation of IT projects against business objectives

► Inadequate IT risk management resulting to increased audit findings

3 Limited IT capability and capacity

► There is no portfolio planning and prioritisation process in place

► The Office of the CIO lacks the capacity to conduct efficient business analysis across functional areas

► The Office of the CIO lacks a single point of accountability for project delivery

► Strategic planning and enterprise architecture lacks maturity

► Lack of formal job descriptions detailing minimum skills requirements

► Some key positions within the Office of the CIO have not been filled e.g. business analysts

► Delayed Project delivery with costs overrun

► Inability to strategically position IT

► Unnecessary vendor dependency

► Business requirements requiring scientific expertise take longer to be implemented

► Insufficient engagement around business value, prioritisation and funding

4 Lack of robust, standardised infrastructure capability

► Insufficient network connectivity in the regions

► The Department has servers running on different operating systems and database management systems

► Water resource infrastructure projects run late due to infrastructure not being available on time

► Delays in processing of payments resulting to considerable user frustration

► Delays in implementing the Water ResourceInfrastructure programs

► Poor network connectivity impacts data capturing therefore compromising data quality

► Difficult to maintain server availability levels and contain costs



No.

Emerging Themes

Issues Implications

5 Lack of application integration & information management

► The Department lacks an integrated Data Warehousing function that would allow for central reporting.

► DWS is operating a number of systems written in different technologies and there isn't a long term technology perspective to integrate

► The Department is unable to make informed decisions due to the unavailability of centralised strategic data

► Inability to share and re-use Departmental data

Misalignment between business and ICT can be summarised as below:Symptoms of limited strategic alignment

►Minimal ICT focus on innovation and growth

►High fixed costs►Siloedstructure by

business unit, region or function

► Immature processes►Lack of necessaryskill sets►Fragmented application

integration►Value of ICT projects

cannot be measured

Business and ICT cost impact

► ICT not seen as delivering business benefit

►Valuable projects go unfunded

► ICT leaders pressured to reduce cost, long term benefits compromised

►Business units compete for resources, leaving ICT to play referee

►Ad-hoc outsourcing of the ICT function

► ICT focused on “keeping the lights on”

►Decline in ICT morale and job satisfaction

The vicious circle of limited strategic alignment

Insufficient support for strategic initiatives

Perception of low ICT effectiveness

Budget cuts, shadow

technology projects

High fixed percentage of ICT

spend

Figure 2: The implications of misalignment between ICT and Business



5.0 IT PrinciplesThe principles below establish an approach that will ensure alignment with business objectives.

a) IT Principle 1: Infrastructure optimisation - An optimised and secure IT infrastructure landscape helps align IT to the Department’s strategy, it enhances the value of IT and improves cost effectiveness through standardisation.

b) IT Principle 2: Disciplined investments - following a disciplined approach to making and managing IT investment decisions that can help the Department not only to reduce costs, but also prioritise IT initiatives across DWS to maximise total business value. This will be characterised by:

► Measuring attained business value;► Ensuring appropriate business sponsorship and involvement in IT projects; and► Considering total cost of ownership over the expected life of the solution.

c) IT Principle 3: Partnership, collaboration and investment in people–the Office of the CIO will partner with the business, service providers and authorities as required to ensure IT delivery works as a strategic enabler. Information Services leadership promotes people development in order to increase the skills pool and build competencies that will adequately support the business.

d) IT Principle 4: Design for integration - Moving towards a more integrated approach of IT applications will enable cross-business unit integration, shared or reusable processing, sharing of information and reduce duplication across DWS. This will increase efficiency and result in cost savings.

e) IT Principle 5: IT Governance - ICT at the Department is guided by a clear set of frameworks, policies, procedures, standards and guidelines that promote an efficient IT environment and at the same time reduce complexity, facilitate compliance, manages IT related risks and reduce costs.

f) IT Principle 6: Stable and consistent IT service delivery–the Office of the CIO ensures that the ICT environment is stable and delivers consistent services by improving and maintaining service delivery management, operational performance and sourcing management.



6.0 InfluencesA number of influences have been identified which have an impact on the IT choices at DWS. These have been categorised as below:

a) Emerging technology trends – Current and emerging technology trends including mobility, cloud, faster Internet together with technology-savvy users forces the Department to rethink its IT offering to the users. Users are demanding more flexibility through mobility, the need for real time data in order to produce more accurate information and more space. The business on the other hand is looking for efficient ways to manage infrastructure and perhaps save on maintenance costs.

b) Regulatory – Being an organ of state, the Department is heavily regulated and its authority mandated through the National Water Act, 1998. Specific to IT are regulations which require IT to align to Government in terms of developing strategies, governance and infrastructure. The Department of Public Service and Administration (DPSA) sets out the Corporate Governance of ICT Framework (CGICT) which requires government Departments to follow when implementing IT governance. The Government – Wide Enterprise Architecture (GWEA) framework as defined by the GITO Council sets out the minimum standard by which to use an Enterprise Architecture approach as a means to develop and construct ICT plans and blueprints for state agencies. The State Information Technology Agency (SITA) Act, 2002 regulates the procurement of IT goods and services.

c) Scientific nature of the Department – The Department is highly scientific and requires accurate data to perform planning and forecasting for water needs and also determine quality of water resources. This results to the need of IT resources that have both scientific and IT knowledge in order to develop specialised systems that can enable this. Additionally, this has an implication on ICT’s direction in terms of the application portfolio.



7.0 Business / IT Alignment

In order to effectively enable these required business goals, key technology components and elements are required. These technology elements are articulated as IT needs that will ensure that the business goals of DWS are appropriately addressed from a technology perspective:

Figure 3: Business / IT Alignment

a) IT Need 1: Alignment of IT and business strategy–In order for ICT at DWS to be seen as a strategic partner to the business, it is important that ICT partners with business and understands the business of DWS. This will enable the OCIO to efficiently and effectively support the business strategy for DWS.

b) IT Need 2: IT Governance and Control –ICT governance is required to adequately support the Department and to ensure strategic alignment, value delivery, risk mitigation, performance management and resource management. Addressing this need aligns to the Department’s strategic objective of having an effective and efficient internal control environment.

c) IT Need 3: Standardised Infrastructure – The lack of standardised infrastructure has resulted in delayed operations at the regions, inability to manage server availability levels and escalated maintenance costs. Standardising infrastructure will ensure seamless operations therefore contributing to the effective performance of water management and services institutions.

d) IT Need 4: Robust and scalable application landscape–The current application landscape makes it difficult for users across the Department to share information. This has led to the development of several applications that perform duplicated functions across the different directorates. Addressing this need will support the Department in accurately coordinating regional and global water services information.

e) IT Need 5: Enhanced IT capability and capacity – It is vital for the ICT unit to be adequately skilled and have the right capability in order to be a strategic partner. Enhancing the IT capability will ensure that the Department improves and increase the skills pool and build competencies in the Department and within the sector.



7.1 Programme of Work to Address the GapsIn determining the Programme of Work, the strategic imperatives of DWS, key IT needs and the gaps between the current and target IT states were considered. Based on this exercise ten (10) key initiatives have been identified to resolve these gaps and to respond to the IT needs. Each of these initiatives is described in detail in the sections that follow.

Figure 4: Programmes of work

7.2 IT Operating ModelAn operating model is a representation of how an organisation operates across process, organisation and technology domains in order to accomplish its function. DWS stakeholders expect IT to be a trusted partner, who has a holistic understanding of the various technology options and solutions available in the marketplace and can provide the organisation with seamless data and information to support better decision-making. In order to improve the IT capacity and capability at DWS the current operating model needs to be reworked.

7.2.1Define and formalise the IT operating model



A clearly defined IT operating model should be designed to deliver against the Department’s business strategy. In order to ensure the success of a new operating model this initiative must be run as a standalone project with dedicated resources and a strong change management component. A good IT operating model complements and reflects the business operating model and supports the business strategy.

The following principles must be used to guide the new operating model:

a) Run IT as a business - IT has to become just like every other function and business unit by demonstrating financial discipline, becoming more transparent, and delivering measurable business value. Managing the business of IT through an integrated view of technology cost, performance, supply, and demand, enables business users to better plan and manage their demand for IT resources.

b) Develop new skills - Strong technical skills are no longer enough to sustain an IT organisation. New skills required include expertise in emerging technologies like analytics, mobile apps, solution architecture and social media as well as non-technical skills like vendor management, account management and project management.

c) Adopt a new proactive engagement model –the OCIO should not wait for business to approach with requests. IT is expected to bring both a deep understanding of technology and specific business domain knowledge together to proactively propose solutions that will enable innovation. This requires embedding relationship managers within the business where they can influence business strategy and promote IT capabilities.

d) Clarify governance and architecture models - Without the right architecture and governance models being put in place first, there is a high probability that the rush to embrace these new trends will result in higher IT-related spending and increased risk. As more solutions are sourced externally, newer technologies are adopted, and the business directly procures some services, synergies and scale will suffer while complexity increases. The DWS requires an approach to governance and architecture that balances the demands for speed, agility, and autonomy with the requirements for security, regulatory compliance, and compatibility. In addition the governance framework must optimise value for the enterprise and at the same time satisfy the needs of individual business units without becoming a bureaucratic obstacle to progress. ICT is required to create architecture models that enable flexibility without losing control, leading to increasing complexity and cost.

The Office of the CIO acknowledges that there will always be a scarcity of IT skills and the department will make an effort to attract and retain best skills. Over the next five years, the department will run a hybrid model for IT sourcing where certain services will be performed in-house and outsource the services with a lower risk profile.

7.3 ICT GovernanceThe King III Code of Corporate Governance defines IT governance as “…the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.”



The Board Briefing on IT Governance second edition by the IT Governance Institute states that IT governance is fundamentally concerned about two things: IT’s delivery of value to the business and mitigation of IT risks. The first is driven by strategic alignment of IT with the business, and the second embedding accountability into the enterprise. Both need to be supported by adequate resources and measured to ensure that the results are obtained. This leads to the five main governance domains as defined by the IT Governance institute as depicted below.

Figure 11: ITGI’s IT Governance Domains

a) Strategic Alignment – the focus here is on aligning IT with the business by asking whether the enterprise’s investment in IT is in harmony with its strategic objectives, and thus building the capabilities necessary to deliver business value.

b) Value Delivery – this is primarily about executing the value proposition throughout the delivery cycle and it focuses on optimising expenses and proving the value of IT.

c) Risk Management – this focuses on safeguarding of IT assets and disaster recovery and making senior corporate officer more aware of risks.

d) Resource Management – this is the optimal investment, use and allocation of IT resources (people, applications, technology, facilities, data) in servicing the needs of the enterprise. Resource optimisation ensures that an integrated, economical IT infrastructure is provided, new technology is introduced as required by the business, and obsolete systems are updated or replaced.

e) Performance Management – entails tracking project delivery and monitoring IT services by using balanced scorecards that translate strategy into action to achieve measurable goals

7.3.1.1 CGICT implementation based on COBIT 4The Department has developed a Corporate Governance of Information and Communication Technology Policy Framework as guided by the Department of Public Service and Administration, which sets out the IT governance framework. The objectives of this framework are:

► To embed the CGICT as a subset of Corporate Governance in the Department;► Create business value through ICT enablement by ensuring business and ICT

strategic alignment;► Provide relevant ICT organisational structure, resources, capacity and capability to

enable ICT service delivery; and► Achieve and monitor ICT service delivery performance and conformance to relevant

internal and external policies, frameworks, laws, regulations, standards and practices.


IT Governance

Domains

Resource management


The Department’s principles for CGICT as adopted from the DPSA’s CGICT policy framework are summarised below:

► CGICT must enable the department’s political mandate;► CGICT must enable the department’s strategic mandate;► The Accounting Officer is responsible for the CGICT;► ICT service delivery must be aligned to the strategic goals of the department;► Executive Management must monitor and evaluate significant IT expenditure;► Executive Management must ensure that ICT risks are managed and that the ICT

function is audited; and► Executive Management must ensure that ICT service delivery is sensitive to

organisational behaviour / culture,The Department’s framework is currently based on COBIT 4 and not COBIT 5 as required by the DPSA.

7.3.1.2 COBIT 5 ImplementationIt is recommended that the Department implements and embeds COBIT 5 as the ICT Governance Framework. The Office of the CIO has begun the process of implementing COBIT 5 and has identified 18 processes which will be linked to the service management framework. COBIT 5 is based on 5 principles and 7 enablers as shown below which will enable the OCIO to develop a governance framework that is inclusive of other frameworks and follows a holistic approach:

Figure 13: COBIT 5 Principles (Source: COBIT® 5, figure 2. © 2012 ISACA®All rights reserved).

Governance enablers are organisational resources through or towards which action is directed and objectives can be attained. A lack of these enablers may affect the ability of the organisation to create value:

► Principles, policies and frameworks;► Processes;► Organisational structures;► Culture, ethics and behaviour;► Information;► Services, infrastructure and applications; and► People, skills and competencies.

The COBIT 5 implementation follows a seven phase lifecycle as below:



Figure 14: COBIT 5 Implementation Lifecycle (Source: COBIT® 5, figure 17. © 2012 ISACA®All rights reserved).

It is important to note that governance is not a one-time exercise and therefore it be should continuously reviewed to determine if it is still aligned to adequately support the organisation. This will ensure that the Department adequately addresses the five governance domains.

The Department must document clear terms of reference and charters for each forum. The Organisational Structures Enabler of COBIT 5 indicates good practices to include:

a) Operating principles – These are the practical arrangements regarding how the structure will operate such as frequency of meetings, documentation and housekeeping rules.

b) Composition – Structures have members, who are internal or external stakeholders.c) Span of control – The boundaries of the organisational structure’s decision rights.d) Level of authority / decision rights – The decisions that the structure is

authorised to take.e) Escalation procedures – The escalation path for a structure describes the required

actions in case of problems in making decisions.

7.3.1.3 CGICT alignmentThe governance framework should be aligned to CGICT as prescribed by the DPSA for compliance. The Department has identified the following 18 processes which will be implemented as part of phase 1:

1. Manage Enterprise Architecture2. Define Strategy3. Manage service agreements4. Ensure Risk Optimisation5. Manage suppliers6. Manage budget and costs7. Manage programs and projects8. Manage security9. Set and maintain governance framework10. Manage changes



11. Manage operations12. Identify and build solutions13. Manage availability and capacity14. Define requirements15. Manage risk 16. Manage requests and incidents17. Manage security services18. Manage problems

In implementing these processes, the Office of the CIO should also ensure to at least adhere to the following 12 minimum processes as defined by the DPSA:

1. Governance framework setting and maintenance2. Manage the ICT management framework 3. Manage strategy 4. Manage enterprise architecture5. Manage portfolio6. Manage suppliers7. Manage risk8. Manage security9. Manage programmes and projects10. Manage operations11. Manage continuity12. Monitor, evaluate and assess performance

The ICT governance framework should also be updated to include all operational and planned governance forums.

7.3.1.4 Policies and proceduresThe Office of the CIO should review the current policies in order to define policies that are comprehensive, covering all required areas, open and flexible allowing adaptation to the Department’s specific environment, reflect the current direction of the Department and be available and accessible to all stakeholders. OCIO should consider using the COBIT 5 model for principles, policies and frameworks as depicted below:



Figure 16: COBIT 5 Enabler: Principles, Policies and Frameworks (Source: COBIT® 5, figure 28. © 2012 ISACA®All rights reserved).

a) Stakeholders – policies and frameworks should identify both internal and external stakeholders to the Department. They include the board, executive management, compliance, risk managers, internal and external auditors, service providers, customers and other regulatory agencies.

b) Goals and metrics – clear goals and performance metrics should be defined in the policies and frameworks since they are instruments that communicate the rules of the Department in support of the governance objectives and the Department’s values

c) Lifecycle – policies have a lifecycle and therefore currency is of utmost importance. They need to be reviewed and updated when necessary and stakeholders need to be made aware of the changes

d) Good practices – this requires that policies be part of the overall governance framework. As part of the policy framework the following items need to be described:

o Scope and validity o The consequences of failing to comply with the policyo The means for handling exceptionso The manner in which compliance with the policy will be checked and

measured

The DPSA’s CGICT policy framework adopted 12 COBIT 5 processes. The Align, Plan and Organise (APO01) is one of them and could be used by the Department as a guide to implementing ICT policies.

► Maintain the enablers of the management system - Maintain the enablers of the management system and control environment for enterprise IT, and ensure that they are integrated and aligned with the enterprise’s governance and management philosophy and operating style. These enablers include the clear communication of expectations/requirements. The management system should encourage cross-



divisional co-operation and teamwork, promote compliance and continuous improvement, and handle process deviations (including failure).

A guide to implementing these policies and frameworks may be to define policies based on the COBIT 5 processes as applicable to the Department.

Table 7: Proposed Policy Implementation FrameworkProcess Suggested Policy Policy in

PlaceEnsure Governance Framework Setting and Maintenance

IT Governance Framework Yes

Ensure Benefits Delivery IT Portfolio and Projects Framework NoEnsure Risk Optimisation Risk Management Policy YesEnsure Resource Optimisation

Resource Management Policies No

Ensure Stakeholder Transparency

Stakeholder Communication Strategy No

Manage the IT Management Framework

IT Governance Framework Yes

Manage Strategy IT Strategy In progressManage Enterprise Architecture

Enterprise Architecture Framework & Methodology No

Manage Innovation Consider influences like Mobility, cloud computing NoManage Portfolio IT Portfolio and Projects Framework NoManage Budget and Costs Define as part of operational policies NoManage Human Resources Resource Management Policies NoManage Relationships Stakeholder Engagement Plans and Communication

StrategyNo

Manage Service Agreements

Supplier Management Policy No

Manage Suppliers Resource Management Policies / Supplier Management NoManage Risk Risk Management Policy YesManage Security Information Security Policy YesManage Programmes and Projects

IT Portfolio Framework No

Manage Requirements Definition

Systems Development Lifecycle Policy and Methodology No

Manage Solutions Identification and BuildManage Availability and Capacity

Systems Availability and Capability Policy No

Manage Changes IT Change Management Policy YesManage Change Acceptance and TransitioningManage Knowledge Information Management and Classification Policy NoManage Assets Asset Management Policy (which will also define the

asset lifecycle)No



Process Suggested Policy Policy in Place

Manage Configuration Configuration Management Policy NoManage Operations IT Operational Procedures e.g. backup and scheduling YesManage Service Requests and Incidents

Problem and Incident Management Policy & Procedures No

Manage ProblemsManage Continuity Business Continuity & Disaster Recovery Plan NoManage Security Services Information Security Policy YesMonitor, Evaluate and Assess Performance and Conformance

Monitoring & Evaluating Policy No

Monitor, Evaluate and Assess the System of Internal ControlMonitor, Evaluate and Assess Compliance with External Requirements

7.4 Enterprise Architecture (EA)Enterprise Architecture is a structured framework for identifying and analysing the major elements of any organisation. EA frameworks have been proven to add value by establishing a common language for business leaders and IT leaders as they seek to align with each other.

An Enterprise Architecture is the structure, relationships and rules governing the business processes and systems of an organisation. An Enterprise Architecture consists of major components each of which are also referred to as architectures and will be discussed in details in the sections to follow.

The Department should undertake an initiative to develop an Enterprise Architecture that will be aligned to the core ICT Principles and business success factors specified in the previous sections. For DWS, this is a fundamental investment that will enable IC&T to invest and develop technology asset in the standardised manner that will position the organisation for future business growth.

This initiative aims at achieving mature Enterprise Architecture capabilities and that align Enterprise Architecture methodologies and processes more closely with business strategy. This will enable DWS to Identify and close gaps to business capability needs, define and implement a value-driven enterprise information management strategy, enhance common platforms leverage across DWS, increase solution delivery quality and reduce enterprise risk.

It is recommended that the initiative be developed based on the Architecture Development Method (ADM) defined by TOGAF and adopted by GWEA as below:



Figure 17: TOGAF’s Architecture Development Method

The initiative should be treated as a long term program and not a single project in order to achieve the goals of effectiveness, efficiency, agility and durability. The initiative can be executed in the following phases:

a) Phase I: - Establish the baseline architecture based on the current state. Each of the architectural domains will be analysed and a baseline created for each one. The DWS strategy, divisional strategies and business plans will also be reviewed to determined what the Department wants to achieve and how EA can assist in meeting these strategic goals.

b) Phase II: - Determine the future needs and requirements of the different business units and how all these link together to the implementation of Enterprise Architecture.

c) Phase III: - Perform the TO – BE analysis based on inputs gathered from the two previous steps. The Enterprise Charter and Principles are also developed guiding the overall architecture based on GWEA.

d) Phase IV: - Perform a gap analysis to identify gaps between the current baseline and TO – BE scenario

e) Phase V: - Develop the roadmaps to ensure gaps are narrowed and closed. These roadmaps will be prioritised according to DWS’s strategy deliverables and business requirements.

7.5 Network OptimisationNetwork Optimisation is the process of extracting the maximum benefit from your network whilst reducing your operating costs. This can be achieved through performing an



understanding of the business environment and where necessary update and redesign networks to ensure load balancing.

It is proposed that the Department initiates a project to assess the capability of the current network, to establish whether it still meets the requirements. The recommended approach entails the following:

a) Phase 1: Discovery Phase: This phase entails unpacking the Departments current network architecture to determine whether or not the performance still addresses the existing needs of the Department and it comprises of the following key activities.

► Collection of network performance statistics for a defined period to gain understanding of the current performance levels against expectation.

► Conducting interviews with business to establish the existing network capability meets users’ requirements and with technical functions to gather information on the complexity of the network as well as a view on performance measurement and support.

b) Phase 2: Gap analysis: The collected data is used to define a current network state. Leading practice in this area is identified and a comparative analysis is done to highlight areas of potential improvement. This informs the ‘To-Be’ architecture.

c) Phase 3. Business Case Development: Initiatives are prioritised to enhance the performance based on identified gaps and newly identified business needs. This phase must deliver an implementation plan and roadmap for optimisation of the network.

The following are key considerations for DWS:► Sourcing and procurement of a network monitoring tool;► Segment the number of computers & devices on the network;► Improve bandwidth across regions;► Review & implement stricter data usage governance; and► Improve bandwidth availability to accommodate mobile workers in remote locations.

7.6 IT Infrastructure Refurbishment The role played by the IT infrastructure function is critical in that it is a central point through which mission critical services are deployed across the organisation for the benefit of both internal and external stakeholders.

The Infrastructure Refurbishment / Revitalisation initiative consists of upgrading or replacing old infrastructure, rationalising existing infrastructure and new infrastructure investments. Infrastructure rationalisation is an approach aimed at reducing the cost of ownership of IT infrastructure through the identification of opportunities for consolidation, transformation and/or expiration of the IT infrastructure (hardware, facilities, applications & networks). The use of emerging technologies such as virtualisation, cloud, automation & adaptation can be useful in the streamlining process and aims to reduce the number of tools that the organisation requires to address its basic needs. The benefit derived from streamlining is that organisations are able to eliminate redundant and non-value adding infrastructure. This in turn frees up budget to pursue other mission critical work to deliver on organisational strategy imperatives.



a) Rationalisation - Rationalisation is the process of looking at and analysing an infrastructure portfolio to judge its strengths and weaknesses, to eliminate redundant or unused components, and to combine components in such a way as to ensure a cost-effective solution. Some of the rationalisation options that DWS can undertake include:

► Consolidate data centres - Data centre consolidation refers to the use of efficient technologies to merge and reduce the IT assets of an organisation. The process involves consolidation of both hardware and software infrastructure. Hardware-based consolidation efforts include using intelligent switches, storage virtualisation, blade chassis and rack management.

► Virtualisation - Virtualisation of hardware should be encouraged to improve operational efficiency, as well as to support consolidation, decommissioning and cost management programs.

b) Upgrade or replace infrastructure – The department will conduct audits to determine old, faulty and out of warranty infrastructure that needs to either be upgraded or replaced.

c) New infrastructure investments –As the Department’s needs continue to grow, the OCIO will also purchase new infrastructure in support of the Department strategy.

The proposed DWS Infrastructure Refurbishment approach entails a four phase diagnostic process;

a) Phase 1: Site audits - Performing site audits which entails:► Infrastructure data collection and scoping of requirements to detail current

state;► The storage requirements must be determined by region specific challenges

and needs; and► Improvement targets must be established.

Some of the key considerations for the DWS in phase 1 are:► Investigation of cable theft at regions;► Establishing the number of employees that will be affected;► Investigation into the Impact of storms on infrastructure;► The state of current hardware; and► Investigate distance per region to nearest SITA centre location.

b) Phase 2: Strategy design – The findings of the site audit will inform the creation of a “To-Be” state for DWS. This must detail the current infrastructure portfolio view and must include:

► A detailed plan on how the proposed “To-Be” state can be achieved;► A cost model; and► A Target state.

Some of the key considerations for DWS in phase 2 are:► The number of server rooms required;► Investigate the use of Microwave links;► Investigate the use of 3G connectivity; and ► Investigate the use of traditional connection.

c) Phase 3: Business case transition – Establish a business cases for transformation with associated cash flows for identified opportunities that includes the following:

► Infrastructure portfolio consolidation, reengineering, transitional strategy, approach, risk plans, mitigation strategies and decommissioning plans; and

► Define ongoing demand and portfolio management plans.d) Phase 4: Infrastructure Strategy Execution– The focus here is on driving down

the categories of hardware to reduce complexity in the DWS infrastructure environment. This process must determine which hardware must be retired, re-


http://www.daywatcher.com/articles/what-is-application-server-virtualisation


designed or retained for purposes of best supporting the attainment of business objectives.

7.7 Application RationalisationApplication rationalisation is the reshuffling of an application portfolio by consolidating and improving the ways in which IT systems are used thereby reducing complexity and increasing flexibility.This initiative will directly satisfy the IT need “Application Integration and Information Management” and its corresponding business need.

An important goal of the rationalisation is to eliminate redundant and non-value-adding applications, freeing up future budget for new, business-critical work..It is recommended that this initiative is run as a standalone project, with a dedicated project structure that provides feedback to a steering committee which includes OCIO and key business stakeholders.

The following are steps for a successful rationalisation initiative:a) Map out the applications portfolio-Gather data throughout the organisation to

build a well-defined, complete, accurate, and vetted inventory of applications. This inventory includes IT owners for each application.

b) Determine the business alignment of each application-Map each application in the portfolio to business processes and to locations of use. This comprehensive mapping exposes redundancies and identifies opportunities for consolidation.

c) Determine the true cost of each application-Determine the real cost of each application in the portfolio, including costs such as infrastructure and operations (internal IT costs or external services), licenses, licensed software support, direct application support (internal IT employees or external staff), applications break/fix support, enhancements, and smaller changes.Align cost and business value-Break down the application costs by the business functions they support to understand how much of the overall applications budget is supporting HR, manufacturing, etc.

d) Analyse the technical and functional quality of each application-Determine the "business value" by combining the functional quality and technical quality of each application.First, survey the business users of applications to determine functional quality - how well is each application meeting the business needs for a particular business process at a particular location. Functional quality includes factors such as ease of use, data currency, integration, criticality of an application to the business process, and whether the application is used to satisfy a legal requirement.Next, survey IT technical support staff to determine how well each application meets expectations for technical standards and practices such as reliability, scalability, interface complexity, data integrity, and support risk. This analysis helps determine where there is opportunity for change.

e) Create a target landscape and road map-Create a plan to consolidate and simplify the applications portfolio to reduce redundancies, improve effectiveness, and save on support costs. These initiatives should focus on improving both technical and functional quality, reducing annual support costs, eliminating redundancies, and filling possible gaps. The plan should also include a roadmap to get to the desired state.

f) Develop the business case-Develop a business case to demonstrate the business and financial value of transforming the applications portfolio in order to gain buy-in from the rest of the organisation. The business case shows the impact on efficiency



and effectiveness of business processes as well as the time it will take to break even on the initiative cost.

By following the roadmap, enterprises can reduce their total number of applications as well as the total inventory of infrastructure and management resources used to support them. They will gain a clear, unbiased understanding of their total applications inventory, applications related costs, and the business value of their applications. This leads to a more agile, Instant-On enterprise that can stay ahead of the ever-changing business landscape.

The application landscape always needs to be on the move, reflecting the current needs and objectives of the organisation while they continuously evolve. Hence DWS needs to conduct regular portfolio rationalisation reviews: Identify the applications with the worst performance in terms of meeting business needs in a cost-effective and reliable manner.

7.8 Business Process ManagementBusiness Process Management (BPM) is the discipline of managing processes as the means for improving business performance outcomes and operational agility. Processes span organisational boundaries, linking together people, information flows, systems and other assets to create and deliver value to customers and constituents.

They key to success in any BPM initiative is to ensure a sustainable BPM lifecycle. The main issue with the current solution is that it does not encapsulate the full BPM lifecycle; critical phases for Monitoring, Optimisation and Reengineering are completely non-existent. In flight projects and analysis are not utilising this information. We recommend a complete BPM initiative that would include the following cycle components across the Department:

Figure 21: BPM Implementation Cycle

a) Design - Process design encompasses both the identification of existing processes and the design of "to-be" processes. Areas of focus include representation of the process flow, the factors within it, alerts and notifications, escalations, standard operating procedures, service level agreements, and task hand-over mechanisms.

b) Modelling - Modelling takes the theoretical design and introduces combinations of variables



c) Execution - One of the ways to automate processes is to develop or purchase an application that executes the required steps of the process

d) Monitoring - Monitoring encompasses the tracking of individual processes, so that information on their state can be easily seen, and statistics on the performance of one or more processes can be provided.

e) Optimisation - Process optimisation includes retrieving process performance information from modelling or monitoring phase; identifying the potential or actual bottlenecks and the potential opportunities for cost savings or other improvements.

f) Reengineering - When the process becomes redundant and optimisation is not achieving the desired output, it is recommended to re-engineer the entire process cycle

The increased adoption of service-based integration architectures has given rise to a class of software called Business Process Management Systems (BPMS) which are intended to support continuous improvement. In general, BPMS provides a set of tools that can be used for the following purposes:

► Orchestrate end-to-end business processes that include both automated, machine-based activities and human activities, which can be visualised through a GUI front-end.

► Provide real-time views of work process queues and transactional statuses. ► Integrate with commonly used communication systems such as email and SMS text

for purposes of alerting a user or group of users based on triggers established within the business process.

► Perform real-time reporting on current business process conditions and reporting against process KPIs.

► Create new business process workflows and system integration points without the need for traditional application development, thus putting the power to automate workflows in the hands of the business analyst.

► Model and simulate business processes execution.

The BPM initiative will also form part of the overall Enterprise Architecture (EA) initiative which looks at the Department as a whole, according to the recommended EA Architecture Development method (ADM), the BPM initiative will fall under the Business Architecture part of the initiative.

7.9 Business Intelligence (BI)Business Intelligence is a set of methodologies, processes, architectures and technologies that transform raw data into meaningful and useful information used to enable more effective strategic, tactical and operational insight and decision-making.


http://en.wikipedia.org/wiki/Bottleneck_(production)

http://en.wikipedia.org/wiki/Process_optimization

http://en.wikipedia.org/wiki/Application_software


Figure 22: Objective of BI

The ultimate goal is to transform data into meaningful information that can support decisions associated with business and operational performance. BI enables concepts such us customer intelligence, operations intelligence, asset intelligence and workforce analytics. BI systems complement the transactional applications that are used by the organisation to process business transactions such as water samples, work orders, service requests, invoices, etc.

In order to develop a practical and useful Business Intelligence (BI) strategy and roadmap, it is important to obtain an accurate understanding of the current and future BI environment. The following BI Framework describes the end-to-end process of delivering BI to the information consumer. The diagram below summarises the BI Framework including the interactions between the eight key BI components.

Figure 24: BI Framework

The key components of a BI System include:a) Operational Reports - Displays data with rich presentation and within a structured

layout (i.e. rows and columns).b) Query and Analysis - Interactive methods to query data, present data in an ad-hoc

manner, and to find information on an as-needed basis.


Business

Information Consumer

BI Organisation

IT Support Function

ETLMaster Data Management

Information Exchange Services

Metadata Management

InformationRepository

Reporting &AnalyticsSource

Data Governance & Security


c) Dashboard Management - Graphical interfaces and real-time methods to provide guided analysis and to intuitively monitor organisational metrics.

d) On-line Analytical Processing (OLAP) - The capability of manipulating and analysing data from multiple perspectives in a rapid fashion.

e) Data Mining & Predictive Analytics - Utilising statistics, algorithms, and sophisticated data search capabilities to discover hidden patterns and relationships in data and project future results.

The deployment of a successful BI solution will have to overcome a series of challenges some of which are already being mentioned above, but research indicates that for a successful BI solution deployment it is a matter of four key critical success factors:

► Understanding the strategic drivers of the organisational environment and related business goals.

► Determining the business questions for which answers are required in order to plan, budget, control, monitor, measure, assess, and/or improve organisational performance in relation to the strategic goals.

► Identifying the tools, methods, and analytical frameworks that can be used to support execution of key business processes and management of organisational performance.

► Following well-established technical procedures for identifying, acquiring, integrating, staging, and delivering the data and information managers need.

► While this alignment process is straightforward conceptually, there are a wide variety of challenges that must be overcome, as with any endeavour in IT. For example, working with business users of BI to determine their business questions (information requirements) is still an art despite the existence of structured requirements-gathering methods.

► On the technical side, there are a wide array of choices to be made with respect to architecture, methodology, tools, technologies, and processes – choices that impact project risk, total cost of ownership, and ultimately the magnitude of the "investment" portion of ROI. There is also the challenge of incorporating sufficient architectural flexibility to respond to new BI needs as strategic drivers evolve.

In order to reduce the NIWIS project risk the Department can utilise frameworks such as the Forrester BI and Data Management Program Framework or any other framework that can provide a best practice guide and checklist to validate the approach to defining, evangelising, implementing and supporting the vision for transforming business processes through strategic investments in data management and BI. Such a framework would assist the Department make the shift from isolated projects to a strategic program. The framework can be used as checklist, to measure the completeness of the current phase of the NIWIS initiative and to assess the readiness to proceed to the next phase.

7.10 Document ManagementA Document Management system (DMS) is a system used to track and store documents. The objective of a Document Management system is to assist the Department with storing and managing of documents and objects in electronic form to ensure ease of retrieval and document sharing and to provide the following abilities:

► Document tracking► Document numbering► Version control capability► Improved simplicity and ease of use► Full text searching where words or phrases inside documents can be found.



► Capture Metadata (for search and reference purposes within a data warehouse)

We recommend that the Department extend the SharePoint project across the Department to include the rest of the other divisions.

Figure 25: DMS Components

Document Management systems must incorporate storage, versioning, metadata, security, as well as indexing and retrieval capabilities.

a) Capture - involves converting information from paper documents into an electronic format through scanning. Capture is also used to collect electronic files and information into a consistent structure for management.

b) Indexing - Improves searches, and provides alternative ways to organise the information.

c) Storage - Storage of the documents includes management of those same documents; where they are stored, for how long, migration of the documents from one storage media to another (hierarchical storage management) and eventual document destruction.

d) Locating - Finds documents and folders using template attributes or full text search.e) Retrieve - Simple retrieval of individual documents can be supported by allowing the

user to specify the unique document identifier, and having the system use the basic index (or a non-indexed query on its data store) to retrieve the document.

f) Audit - Facilitates document and version control.

The success of a Document Management system often depends on the business context that is the extent to which the solution supports the way knowledge workers actually use content on a daily basis rather than IT or risk contexts. There are some limitations of implementing SharePoint organisation-wide DMS; the Department should keep these following in mind when implementing SharePoint:

► Focus SharePoint on lower-value, and lower-volume, business content - SharePoint works best with Microsoft Office files such as Word documents, Excel spreadsheets, and PowerPoint presentations. SharePoint will not support business processes that handle large and/or esoteric files, such as engineering schematics, or high transaction volumes well.

► Study roles and work styles to determine SharePoint's business content fit - Use SharePoint for collaborative, team-based content creation and management rather than structured and repetitive processes. Similarly, SharePoint workflow works



well for ad hoc content flows between members of a specific team or Department but less so for workflows that cross folders, teams, and applications.

► Be prepared for the impact of SharePoint's success - Plan in advance to address rapidly expanding repository and archiving requirements (and costs), and to implement governance that balances IT and security concerns with the business users' need to quickly and painlessly launch new SharePoint sites.

7.11 Disaster Recovery and Business Continuity Planning

Business Continuity Planning is the process whereby an organisation prepares for and aids in disaster recovery. It is an arrangement agreed upon in advance by management and key personnel of the steps that will be taken to help the organisation recover should any type of disaster occur.

Disaster Recovery (DR) is the process an organisation uses to recover access to their software, data, and/or hardware that are needed to resume the performance of normal, critical business functions after the event of either a natural disaster or a disaster caused by humans. Disaster Recovery plans, or DRPs, focus on bridging the gap where data, software, or hardware have been damaged or lost.

It is recommended that the above mentioned initiative is prioritised and given urgent attention.The main requirements for the BCP/DRP are:

► Meets statutory requirements of relevant bodies such as the Auditor-General.► Meets international standards such as ISO22301 and ISO27031.► Simple to implement and still achieve the required effectiveness and objectives.► Will achieve its intended objectives. ► Can be cost effective to implementation and rollout.► Focuses on all DWS IT mission critical processes as performed in all DWS offices - and

sites nation-wide. ► Entails a communication and awareness plan.► Is linked to business continuity and disaster recovery strategy and policies of the

DWS.► Cuts across all DWS IT units.

The key deliverables for this initiative are defined in the table below.

Table 8: BCP/DRP deliverablesItems Deliverable

IS Business Continuity Plan Documented planDisaster Recovery Documented planResumption Documented plan

Implementation of plansImplementation planPhysical implementation of DR facility for all critical systems

TestingTesting planPost mortem reportPerform testing once the plan is finalised

BCP skills transfer to the nominated officials Nominated officials trained on BCP


http://www.disasterrecovery.org/disaster_recovery.html

http://www.disasterrecovery.org/business_continuity.html


8 RisksThe overall intent of the ICT strategy is to use IT as an enabler strategic partner in the achievement of the Departmental goals and objectives. The risks below have been identified in the event this strategy is not implemented:

a) Business / IT Alignment - A key gap that this MSP corrects is aligning IT and business strategy. This lack of alignment leads to adverse business issues including:

► Inability of the business to reach its full potential – the systems exist, but they are not used effectively.

► Failure to identify and capitalise upon business opportunities that could be enabled by IT.

b) Business impact – The lack of business continuity and disaster recovery planning may result in the Department’s inability to recover and restore operations in the event of a disaster. This then means that DWS will be unable to service its customers both internal and external be it through automated functionality or manual procedures should a disaster occur.

c) Regulatory Risks - Inadequate compliance to regulatory requirements increases the Department’s audit risk. The CGIT Framework requires government entities to provide clear IT strategies, Enterprise Architecture foundations and a clearer view as to how IT resources are acquired, managed and disposed. The COBIT5 governance framework which is embedded to some extent in the CGIT places further emphasis on how IT resources are governed and aligned to supporting the business objectives. The GWEA framework which assists government entities in developing EAs is also increasingly being cited by the CGIT as key in leveraging IT resources optimally.

d) Cost and complexity risks – Escalated costs due to the need to increase capacity to manage the infrastructure the inability to benefit from economy of scale.

e) Information Management Risk - The Department views information as a strategic resource and the availability of high quality information to support an organisation’s decision-making process is crucial to organisational success. The inability for the Department to formalise adequate data management policies and procedures increases the risks of poor data integrity and inefficient reporting to all its stakeholders.

f) IT Capability - This MSP addresses key capabilities that required by OCIO to improve its value offerings. By not implementing this MSP the OCIO will not be adequately equipped to cater for the business needs.



9 Prioritisation of InitiativesA prioritisation framework and criteria was established with the understanding of the business drivers and objectives. The framework categorises the initiatives into four quadrants as illustrated in the graph below as, initiatives that are planned for the long term; those that can be implemented immediately; those that can be put on hold and those that can be implemented next. Each initiative was reviewed and planned with the intent of the expected business value, ease of implementation factors and those which were identified as ‘Quick Wins’, i.e. those with early interventions and shorter timelines. Further to this, the initiatives were then prioritised and put into two implementation phases over the next 5 years as will be shown in the implementation roadmap.

Figure 26: Prioritisation of InitiativesWave1:The first wave of the programme of work is made up of initiatives identified as ‘Quick Wins’and initiatives that are ‘critical’ in ensuring that all aspects of ICT are appropriately sourced, managed and capacitated.

‘Quick wins’ are projects that have an improvement that is visible, have immediate business benefit and can be delivered within shorter timelines. In this case these initiatives are those that the Department have either partially executed or are already inflight. These are:

► Document Management (7);► Business Intelligence (9);and► Network Optimisation (5).

The Document Management project was completed in March 2014 but hasn’t been implemented due to capacity constraints across the Department. The Business Intelligence initiative is due to be completed end of August 2015. Both these projects, if implemented in the first year can be of great benefit to the Department by alleviating some of the issues regarding document sharing and report generation. The Network Optimisation initiative is already inflight and will be ongoing.



Also included in the first wave of the programme of work are ‘critical initiatives’ that are fundamental to the efficient operation of ICT and on which all the other initiatives are dependent. These are:

► IT Operating Model (1);► IT Governance (2);► Business Process Mapping (8);► Enterprise Architecture (3); and► Disaster Recovery and Business Continuity Planning (10).

Wave 2:The second phase of the programme of work include initiatives that will take longer to implement and are indirectly dependent on the Wave 1‘critical initiatives’. These are Application Rationalisation (4) and Infrastructure Refurbishment (6).



10 Implementation RoadmapThe figure below represents the planned roadmap for the specified initiatives. Majority of the initiatives are planned to complete within the first 3 years. At this point the Department is scheduled to produce an updated performance plan with new strategic goals and objectives. This MSP sets the foundation for key initiatives to be delivered early, thereby enabling any future initiatives that will be required as a result of the organisation’s new strategy. It is critical that this MSP is reviewed annually and evaluated with regards to performance and completion of initiatives as well as updated with any new initiatives that may be required. The Office of the CIO must undertake the process to establish a new MSP in year 5 or sooner.

Figure 27: Implementation Roadmap


revision history - welcome to etenderpublication | … · web viewit is recommended that the...

Documents