4.4. Roll out (waterfall)

Previous | Next | Up | Contents

Objective

The roll out (waterfall) process completes a set of system governance assessments to feed into the first annual review. It is used when the organisation has a need or a preference for a pre-planned roll out in which the criteria and list of systems is defined before any assessment work takes place.

When used

The roll out occurs after initiation, and before the first annual review.

Roles

The roll out is run by the system governance manager.

The system governance committee are involved in developing the list of criteria to be used for the assessments.

The system governance sponsor and IT decision makers are involved in reviewing and signing off the list of systems to be assessed and the roll out plans.

Notes

Number of workshops

The process involves the creation of a set of criteria to use for assessments. These criteria are not created from scratch, but are based on a set of industry standard criteria supplied by Metrici.

When planning the workshops in step 1, consider whether you are likely to need one workshop or many. This depends on the number of modifications you would expect to make to the industry standard criteria, which in turn depends on the priorities that have been set for system governance.

  • The priority might be to provide general monitoring of quality and compliance, for example to control outsourced systems. In this case, it might be appropriate to start with the industry standard criteria, and revise them in the light of experience after the first annual review. You will probably need only one workshop, to ratify the decision to use the industry standard criteria.
  • The priority might be to measure some very specific aspects of compliance, which are not represented at all in the industry standard criteria. In this case, the roll out process will need to create suitable criteria from scratch, but is unlikely to need very many new criteria. You will probably need one or two workshops.
  • The priorities might be more complicated, for example to provide general monitoring and some specific improvements such as cost or risk reduction. This will require a significant revision of the standard criteria, and may require many workshops.

Some consideration of this is worthwhile to set expectations and for planning, though of course you can run more or fewer workshops if you find it necessary during the workshops.

Assessment, validation and analysis

The process shows a step for assessment, a step for validation, and a step for analysis. These can overlap: a system can be validated as soon as the assessment is complete, and can be analysed as soon as the assessment is validated.

Steps 4 to 6 of this process are equivalent to running a system review for each system.

Steps

  1. Develop criteria

    Responsible:
    System governance manager
    Involved:
    System governance committee

    Circulate the standard criteria and illustrative assessments to the steering committee, with supporting narrative.

    Run one or a series of criteria development workshop to agree the changes required to the criteria.

    Draft new and changed criteria, and agree these with the steering committee using normal organisational practices.

    See Section 3.5, Criterion maintenance.

  2. Collate definitive system list

    Responsible:
    System governance manager
    Involved:
    IT decision makers
    System governance sponsor
    System governance committee

    Provide a brief definition of all the systems in the initial system list prepared during initiation, being particularly careful to define the boundaries between systems.

    Circulate the list to the IT decision makers, sponsor and committee for their comments.

    Revise the list as necessary to gain agreement that it is the definitive list of systems to assess.

  3. Plan assessments

    Responsible:
    System governance manager
    Involved:
    IT decision makers
    System governance sponsor

    Plan the assessment, validation and analysis of all the systems based on the definitive system list and revised criteria. Agree the plan with the IT decision makers and sponsor, and gain agreement from them for the assistance that will be required from system owners and other authorities.

  4. Assess systems

    Responsible:
    System governance manager
    Involved:
    none

    Assess systems, according to the plan. Verify that assessments are factually correct with system owners or other authorities.

    See Section 3.2, Assessment.

  5. Validate assessments

    Responsible:
    System governance manager
    Involved:
    none

    Validate the assessments, and progress any issues that arise.

    See Section 3.3, Validation.

  6. Analyse systems

    Responsible:
    System governance manager
    Involved:
    none

    Analyse the systems, to find a system score and any issues with each. Feed back any issues to the system owners.

    See Section 3.4, Analysis.

    The issues will be collated and fed into the first annual review, but as a courtesy it is worth informing system owners at this stage so that the conclusions from the annual review do not come as a surprise.

Previous: 4.3. Initiation | Next: 4.5. Roll out (iterative) | Up | Contents