B.1. Example terms of reference
This is an example terms of reference for system governance for the Bristol and Bath Bank (BBB), a fictitious financial services company. System governance has been adopted by Central Management Services (CMS), BBB's in-house IT department.
BBB is part of a larger group company (AFSG), which is currently considering consolidation of group services. Many of BBB's systems are outsourced. The example shows how system governance can contribute to the management of these factors.
The terms of reference is entirely fictitious; any resemblance to a real organisation is unintentional.
See Section A.1, Terms of reference for more details.
System Governance Terms of Reference
BBB Central Management Services (CMS) has adopted system governance as a framework to measure and improve the IT systems in its care.
This terms of reference sets out the objectives for system governance within CMS, the scope of system governance, the organisational structure to support system governance, and the processes through which system governance will contribute.
System governance is a generic framework for measuring and improving IT systems. This section sets out the specific measurements and improvements to which system governance will contribute within BBB CMS.
System governance will contribute to the following four objectives.
- Reduce costs and risks of IT systems, for the long term. This is complementary to the project office initiative, which aims to reduce the shorter-term risks associated with project-based change.
- Achieve Amalgamated Financial Service Group's (AFSG) requirements to consolidate services across group companies including BBB.
- Meet all legal and regulatory obligations of a financial services company.
- Monitor systems outsourced to Isisco, and work with Isisco to increase the quality and stability of systems outsourced to them.
The sections below expand on each objective.
System governance requires that each objective is given a weighting to reflect its relative importance, so that competing objectives can be resolved. The weightings of the objectives are also given in the sections below.
System governance will apply industry best practice measures to identify strengths and weaknesses across all of the IT systems and services run by CMS, with an emphasis on reducing running costs and support costs, and reducing risk of disruption to BBB's business operations.
This general objective to implement industry standard best practices will have a weighting of 50% within the system governance framework.
AFSG has set each group company the objective of consolidating services across the group. Although not primarily an IT issue, this does have an impact on CMS. BBB's IT systems should not create a barrier to service consolidation. Systems should ideally be capable of providing services to other group companies, or take advantage of services provided by other group companies.
This objective will have a weighting of 25% within the system governance framework.
BBB must and does comply with many legal and regulatory requirements. It is understood that all of BBB's systems currently meet all their obligations. However, systems differ greatly in this respect.
- Efficiency. In some cases, significant manual effort is required to comply, for example to extract or change personal information.
- Transparency. Some systems require detailed audits to demonstrate compliance.
- Timeliness. In the past, some compliance requirements have only just been met by the required deadline. This has caused disruption to other business changes as staff have been diverted to urgent compliance work.
As well as measuring compliance per se, system governance will focus on ensuring that every IT system meets its obligations efficiently and transparently, and is continually anticipating compliance with future obligations.
Legal and regulatory compliance covers much more than the qualities and characteristics of IT systems. System governance will be careful to articulate this limitation.
Legal and regulatory compliance will have a weighting of 25% within the system governance framework.
As well as this weighting, system governance will use rules to identify systems that risk being, or becoming, non-compliant.
BBB has a policy of outsourcing the ongoing operation and support of stable systems, leaving CMS to focus on new value-adding developments.
Currently a little over half of BBB's systems are outsourced to Isisco, a contract which is due for renewal at the end of 2009.
BBB works collaboratively with outsourcing partners to ensure that systems in their care continue to be maintained effectively, to preserve and improve the quality and stability of the systems, and improve their potential to meet future business needs.
To help achieve this, BBB will include the systems outsourced to Isisco within the scope of system governance, and freely share the results of system governance with Isisco. This will help CMS and the management of Isisco to jointly identify where additional maintenance is worthwhile and to make the case for doing so.
Applying system governance to the outsourced systems will provide a baseline that will be of value to both parties during the renewal of the current outsourcing contract. It will provide Isisco with both the incentive and the means to demonstrate that they are working proactively in the interests of BBB.
This objective does not have a weighting of its own within the system governance framework. The weightings set for the other objectives will be applied to the outsourced systems exactly as they are to the in-house systems.
In order to compare internal IT investments with business change investments, system governance will provide an estimate of the notional value of IT improvements.
It is understood that these investments may not directly materialise as a financial return, because actual returns depend on many factors. The notional values are a rational measure of the contribution of an IT improvement, and will be considered as an input to the work planning and budgeting process.
To provide a basis for these estimates, system governance will put a value on fully meeting all objectives as 30% of CMS' non-project spend, which (using 2006 budget figures) translates to £2.85m per year. System governance will estimate value in proportion to this figure.
System governance will calculate return based on a 2.5 year payback period, and will provide a suitable margin to cover inaccuracies in assessment and weighting.
System governance will deliver measures and proposals into the annual work planning process. This section describes the measures that it will deliver, and the conditions under which proposals will be made.
System governance will deliver the following summary measures:
- Number and size of systems, and change in number and size.
- Overall score and improvement.
- Like-for-like score and improvement, which excludes decommissioned and new systems.
- Scores and notional value of improvement by system and by criterion.
- A comparison of outsourced and in-house maintained systems.
- A comparison of new and existing systems.
Systems will be identified as “excellent” if any of the following apply:
- Score above 90%.
- Improvement in score of 5 percentage points or more.
Systems will be identified as “candidate for improvement” if any of the following apply:
- Score below 70%.
- Reduction in score of more than 5 percentage points.
- Improvements notionally valued at £100,000 or higher.
- Any priority 1 or 2 issues outstanding, or more than three priority 3 issues outstanding.
The number and severity of issues will be converted to a simplified “risk star” rating by awarding 9 points for a priority 1 issue, 3 points for a priority 2, and 1 point for a priority 3, and then awarding a * for each 3 points.
Criteria will be identified as “candidate for improvement” if the value of improvements across all systems for that criterion is £1,000 or higher per total of system size. (This indicates areas where there may be a value in changing policy.) Because of the relatively small number of systems within BBB, criteria will not be analysed further.
The analysis will document any system or criterion identified as a candidate for improvement, and recommend what action, if any, is appropriate.
System governance will apply to all business systems and end-user services (such as Email and Desktop) provided by CMS, including those outsourced to Isisco.
A breakdown of applications and services, and an indication of their relative size, will be agreed by the CMS Management Team.
The systems run from the Isle of Man data centre, and those in Edinburgh, will not be covered. (CMS is contracted to provide some development and support services for these systems, but is not fully responsible for their management.)
The roles and responsibilities for system governance will be based on those documented in the System Governance Handbook from Metrici Ltd. A summary of these is given below, with specific details for BBB.
The system governance sponsor, Linda Truman, has overall responsibility for system governance. She ensures that system governance meets the objectives set out in this terms of reference. She will represent the outputs from system governance back to the CMS Management Team.
The system governance manager (tba) is responsible for the day-to-day running of system governance.
The system governance manager reports to the system governance sponsor.
The system governance manager will be a full-time role, assisted by one full-time analyst.
The system governance committee ensures that the criteria used for system governance meet the objectives. The committee is appointed by the system governance sponsor, with representative stakeholders from within CMS and across the broader business. The committee membership will change from time to time to reflect the changing objectives of system governance. The current committee includes:
- Group Operations Director
- Life Products Systems Manager
- Unsecured Loans Systems Manager
- AFSG Systems Architect
- Head of Systems Development
- Technical Services Manager
- Relationship Manager from Isisco
- Representative from Group Compliance
The system governance sponsor and manager will also sit on the committee.
The Relationship Manager from Isisco will sit on the committee to reinforce the mutual commitment to work together openly and collaboratively.
As far as possible, the committee will decide by consensus. Where consensus cannot be reached, the committee will vote on proposals. The system governance manager will not vote. The system governance sponsor will not usually vote, but will have the casting vote in the case of a tie.
It should be stressed that the role of the committee is to ensure that system governance interprets the objectives in an effective and balanced manner. They are not a management committee for system governance, and are not responsible for its progress and planning.
System governance will be largely run in-house.
It is anticipated that much of the assessment work for the systems outsourced to Isisco will be carried out by Isisco themselves (and then checked by the system governance manager and their team). It has been agreed that this work is included within the monitoring and management information provisions in the contract, and will not attract an additional cost to BBB.
Some assistance with the annual review process is likely to be sought from a system governance specialist such as Metrici.
The processes for system governance will be based on those documented in the System Governance Handbook from Metrici Ltd. A summary of these is given below, with specific details for BBB.
System governance will deliver measures and proposals into the annual work planning process.
Specifically it will deliver into the IT planning manager in time for phase 1 of the annual planning exercise. Feedback on the proposals from system governance will come from the outcome of phase 2 planning. This will allow system governance to realign with changes in priority coming from the planning process.
All existing systems will be assessed annually.
The system governance manager will publish a draft assessment schedule once a year, and revise this on an ongoing basis to fit around projects and other work.
Projects will typically be reviewed as part of system governance, but are not required to do so. The decision rests with the Head of Systems Development.
Where projects are not assessed, new systems will be picked up as part of the ongoing system review process.
This terms of reference will be revised periodically (typically annually) to reflect changing priorities for system governance. Some likely revisions are outlined below.
- Over the next 24 months, AFSG will consolidate services across the group. The system governance objectives demonstrate BBB's support for this. Service consolidation will have an impact across BBB's business and IT systems. Once this impact is clear, the system governance objectives will change to help manage the transition to consolidated services.
- Isisco's involvement in system governance is currently non-contractual. When contracts are renewed with Isisco or other providers, a decision will be made on whether to include system governance as a formal part of the control measures of the contract.
- Group Operations have a strategy to move all IT services to a new data centre, and at the same time migrate systems to Linux-based servers as far as is practical. This move has been delayed until decisions on group-level services have been made by AFSG. Once these decisions have been made, fit to the new technical strategy is likely to be included as an objective of system governance.
