BOOK REVIEWS - Information Assurance | ISACA · BOOK REVIEWS “The best strategy is one you can implement. ... David Roche and Eric Kordt | 10 Section I Setting the scene Examines

| 2

BOOK REVIEWS

“The best strategy is one you can implement. This book highlights approaches used by practitioners

to achieve this and approaches to integrate IT in the enterprise strategic planning process.”

JUSTIN CLARKE

EXECUTIVE DIRECTOR, TECHNOLOGY, A LEADING FINANCIAL SERVICES ORGANISATION

“This book will help leaders understand what they ARE doing well and what they are NOT doing well

in IT strategic planning.”

MATTHEW SMITH

CIO, AUSTRALIAN GOVERNMENT

“Strategic planning has never been more important to the health and success of an organisation.

Many traditional markets have disappeared, digital native competitors are disrupting markets at a

fraction of the cost base of their traditional competitors and the internet is giving local businesses a global stage.

Strategic planning is the tool that enables organisations to innovate and take concrete steps to ensure their success.

This e-book is full of practical guidance on the role of IT in the planning process, showing how IT leaders

supported by industry frameworks deliver competitive advantage for organisations where they have a seat at the

planning table.”

BRAD BUSCH

NATIONAL DIRECTOR, itSMF

“Every successful organisation knows where it is heading. A strategic plan articulates an

organisation’s direction and defines its road map and dependencies. In a world of fast changing

technologies and opportunities, a strategy which does not consider IT opportunities and implications

is unlikely to be a complete strategy. This e-book demonstrates how IT leaders can participate

effectively in the strategic planning process and shows how IT involvement can support and inform

an organisation’s strategic direction. It also makes a link to the ITIL and COBIT frameworks which

contain significant best practice strategy guidance, helping business and IT leaders to benefit from

other experiences.”

CLAIRE BRERETON

NATIONAL DIRECTOR, itSMF

3 |

PURPOSEThis e-book is to be used as a professional development tool by board members, management

teams and other strategic planning professionals. The content is based on interviews with

44 Australian board and management team members. It aggregates approaches taken; problems

experienced; expert tips; and a checklist of questions on IT strategic planning.

The e-book comprises two sections. Section I provides forty three industry insights on integrating

IT in enterprise strategic planning. Section II provides thirty seven industry insights on the

continuous process of IT strategic planning and includes guidance from itSMF Australia and

ISACA’s COBIT 5 framework on IT strategy development.

By understanding these insights, leaders can better understand what changes they need to make

in order to build an effective IT strategic planning capability.

This is an e-book full of industry insights and to be read and re-read to help organisations

continuously improve their IT strategic planning practices.

This e-book is NOT about what company, or how many companies, do IT strategic planning well.

This e-book is about learning from other people’s experiences on what problems they have

encountered in developing an IT strategic plan and understanding the expert tips offered by

44 professionals willing to contribute to the profession.

APPROACHResearch for this e-book was based on qualitative interviews conducted with 44 board and

management team members throughout 2013 and 2014.

All statements and contributions made by participants were provided with a view to contribute to the

profession and to improve the awareness of challenges and good practices in IT strategic planning.

All comments made were off the record and do not represent statements from any organisation.

Participants all work in Australian organisations of different sizes and from different sectors.

Participants agreed to be interviewed on the basis that their identity and their organisation’s

identity would not be made public.

| 4

5 |

TABLE OF CONTENTSEXECUTIVE SUMMARY ............................................................................................ 61. SETTING THE SCENE ......................................................................................... 10

1.1 Why should enterprise strategic planning include IT? ..........................................................11

1.2 Creating competitive advantage through innovation ........................................................... 15

1.3 Leveraging technology possibilities in enterprise strategic planning ....................................17

1.4 Integrating IT ......................................................................................................................... 22

1.5 Practitioner insights on strategic planning ........................................................................... 25

1.6 Enterprise strategic planning challenges ............................................................................. 29

2. IT STRATEGIC PLANNING .................................................................................. 332.1 Step 1 Setting the IT vision and the IT strategy to attain it .................................................. 37

2.1.1 Boards role in IT strategic planning .............................................................................41

2.2.2 Board members provide guidance to other Board members ..................................... 42

2.2.3 Governing the IT function ............................................................................................ 43

2.2.4 Desired behaviour for strategy development .............................................................. 44

2.2.5 Approaches taken by IT leaders for strategy development ........................................ 48

2.2.6 Approaches taken by IT leaders to integrate risk management ..................................51

2.2.7 ISACA’s COBIT 5 Framework guidance on strategy development ............................. 55

2.2.7 ITIL guidance on strategy development ...................................................................... 60

2.2 Step 2 Endorsement of the strategy .................................................................................... 62

2.3 Step 3 Executing the strategy through plans ....................................................................... 66

2.4 Step 4 Monitoring and adjusting strategic plans ................................................................. 69

2.5 Expert insights .......................................................................................................................74

2.6 Self assessment questions ................................................................................................... 75

2.7 Sample IT strategic plans ...................................................................................................... 76

CONCLUSION ........................................................................................................ 78APPENDICES ......................................................................................................... 80

Appendix 1: About this e-book ............................................................................................ 81

Appendix 2: ISACA’s COBIT 5 Framework ........................................................................... 82

Appendix 3: ISACA’s Governance of enterprise IT certification ........................................... 83

ABOUT OUR PROFESSIONAL ASSOCIATIONS ........................................................ 85ACKNOWLEDGEMENTS ......................................................................................... 86ABOUT OUR AUTHORS .......................................................................................... 87

| 6

Executive Summary

7 |

EXECUTIVE SUMMARY

IT STRATEGIC PLANNING

IS A CONTINUOUS PROCESS It defines the steps of how an organisation

plans to achieve its IT goals and milestones,

in an environment characterised by change.

How do we move from current to

future state?

How do we compete

and win?How do we sense

and respond to market changes?

Leaders looking to take advantage of growth opportunities are seeking environmental information

that will help steer their organisation into competitive battles and make decisions on where and how

to compete and win. Leaders desire fit and healthy capabilities with the ability to scale up and down,

change course at any time and ultimately win at what they do.

Leadership teams are concerned about the ability to sense and respond to the pace of

disruptive technologies; superior business models of competitors coming from different industries;

evolving customer preferences; and the constant wave of regulatory change.

Predictability in many markets is sharply declining. As organisations acknowledge this greater

unpredictability and a shorter time to market for new capabilities, static strategic plans are becoming

obsolete in many industries. Leaders are moving towards managing a dynamic strategy where

strategic plans and business models are constantly reviewed, tested and updated.

With a fast pace of change, leaders need to keep their environmental radars turned on, their

fingers on the pulse of the market and ensure their organisation is nimble and flexible enough to

quickly adapt.

To support this, many organisations are leveraging IT in strategic planning. They are

leveraging IT to better understand market and customer preferences; business possibilities from

technology innovation; deliver more competitive business models; and reduce incremental costs. In

our research, eight out of ten people interviewed in the financial services sector stated that IT was

integrated with their enterprise strategic planning process. One of the two companies that didn’t was

recently acquired by a competitor, a company with sound IT strategic planning.

| 8

During our research, business leaders recommended various approaches to optimising IT’s

contribution in strategic planning. Some include:

1. Understanding the threats and opportunities from technology innovation across different

geographies, industries and potential business partners;

2. Keeping fingers on the pulse of innovation, technology possibilities and what’s in the pipeline

by establishing Board sub-committees for both innovation and technology;

3. Ensuring business minded Chief Innovation Officers and Chief Information Officers report to

these Board sub-committees; and

4. Having appropriate working knowledge of IT and disruptive technologies on your Board or

strategic decision making committee.

Our research has identified the following challenges in the enterprise strategic

planning process:

1. Synchronising the strategic planning process with industry dynamics;

2. Gaining a common understanding of the organisations desired future state and

strategic priorities;

3. Managing internal competing forces;

4. Business alignment; and

5. Integrating risk management.

Challenges in developing an effective enterprise strategic planning capability:

1. Governing strategic planning;

2. Optimising the strategic planning process;

3. Getting access to clear and concise information;

4. Leveraging technology and innovation;

5. Nourishing the desired behaviour; and

6. Getting the right people involved and improving their competencies.

These enterprise strategic planning challenges have been explained in further detail in ISACA Sydney

Chapter’s book on ‘Strategic Planning: 170 Insights from Australian Boards and Management teams –

A Guide for Board and Management Teams.’

9 |

THIS IT STRATEGIC PLANNING E-BOOK HAS 2 SECTIONS:SECTION I sets the scene with industry insights on why enterprise strategic planning should

include IT; and

SECTION II focuses on the continuous process of IT strategic planning and how ISACA and

itSMF can be leveraged. This e-book does a deep dive into the first of 4 steps in IT strategic planning.

1. Setting the IT vision and IT strategy to attain it. Having set the business vision and aspirations,

senior leadership teams should agree on the IT-related vision and IT strategy, required to

support the achievement of business aspirations;

2. Endorsement of the strategy – validating the IT strategy with the business and the IT

organisation. This requires communicating the IT strategy and getting buy-in;

3. Executing the strategy through plans – converting the IT strategy into actionable plans that

articulate who; will do what; with which resources; by when; and how it would be measured.

IT plans can cascade from annual plans into employee performance and development

plans; and

4. Monitoring and adjusting strategic plans – reviewing the IT strategic plans at regular intervals,

and providing leadership support where required. This review process is important due to

business environment change, or strategic initiatives failing to yield expected outcomes.

When debating how your organisation can improve IT strategic planning, it is important to

acknowledge different perspectives. Ask your team to read the insights, answer the checklist

questions and discuss:

i. What works well with our organisation’s approach to IT strategic planning?

ii. What changes must we make in our next cycle?

Wishing you continued success with IT strategic planning.

David Roche and Eric Kordt

| 10

Section ISetting the scene

Examines why enterprise strategic planning should include IT

11 |

SECTION I : SETTING THE SCENE

WHY SHOULD ENTERPRISE STRATEGIC PLANNING INCLUDE IT?

‘Technology is at the heart of an organisation, it goes to its core viability. It’s fundamental that technology and business strategy go hand in hand. Governance of technology needs to be done right and Directors have the responsibility for due diligence.

The mobility wave and associated opportunities need to be understood and realised.

Big data sets can be analysed for patterns that can be leveraged in strategic planning.’

NON EXECUTIVE DIRECTOR, HEALTH AND TECHNOLOGY SECTOR

‘Disruptive innovations can pose a threat for an organisation and its competitors, but they can also bring value to the business if identified and debated appropriately. Strategic plans need to be stress tested for disruptive events such as technology innovations.’

NON EXECUTIVE DIRECTOR, UTILITIES AND BANKING SECTORS

‘When our Board was debating acquisition opportunities, they had the right information at the right time. They understood the internal capability strengths and weaknesses and were able to easily determine which organisation was a better fit to the strategy and fill the capability gap.’

‘Organisations need a good framework for strategic decision making that focuses on making quality information accessible. Technology supports this.’

NON EXECUTIVE DIRECTOR, FINANCIAL SERVICES

‘It’s important to understand opportunities that digital technologies are presenting as there are major revenue streams becoming available to the best positioned operators.’

CEO AND NON EXECUTIVE DIRECTOR, RETAIL SECTOR

| 12

‘IT is at our strategy development table – seen as an enabler, shaper, drives debates and provides a great perspective.’

GM CORPORATE STRATEGY, FINANCIAL SERVICES

‘IT is not integrated in our enterprise strategic planning process.

Before I started working in this organisation, technology was historically underinvested in, leading to:

• A wider gap in the alignment of business demand and supply of acceptable IT services; and

• A longer period of time to fix it. We have some catching up to do with our competitors.’

CIO, ENERGY SECTOR

‘We do NOT take a holistic approach to strategic planning.

I am NOT aware of the business strategy, but we do have a digital strategy.’

CTO, MEDIA SECTOR

‘To protect and grow revenue streams, a growing need exists for leaders to have awareness of the possibilities and threats from international innovation and technology trends, patterns and possibilities.’

DIRECTOR OF IT STRATEGY, AUSTRALIAN GOVERNMENT.

13 |

In the digital economy, business and technology innovation opportunities drive whether an

organisation attacks the market place or has its market share and revenue streams attacked.

Ideally organisations should understand evolving customer preferences, learn what’s possible from

innovative business partners and adapt their strategic plans and business models accordingly.

ARE YOU PRIMARILY

ATTACKING OR DEFENDING REVENUE

STREAMS?

IS YOUR ORGANISATION AN

INNOVATION LEADER OR FOLLOWER?

IS YOUR RGANISATION DRIVING OR

RESPONDING TO CUSTOMER

PREFERENCES?

Leveraging businessand technology

innovation

BOARD SUB-COMMITTEE FOR

INNOVATION

INNOVATION DRIVES MARKET DYNAMICS

CHIEF INNOVATION OFFICER

RESEARCH AND DESIGN TEAM

INNOVATIVE BUSINESS PARTNERS

MATURE DIFFERENTIATING

CAPABILITIES

ADAPT BUSINESS MODELS

TOLERATE INNOVATION FAILURE

BEFORE SUCCESS

LEARN WHAT’S POSSIBLE, AND

INNOVATE

keep finger on pulse of internal

and external environments

IDENTIFY GAME CHANGING

OPPORTUNITIES

13 |

| 14

Creating competitive advantage

through innovation

15 |

CREATING COMPETITIVE ADVANTAGE THROUGH INNOVATIONInnovation can drive market dynamics, enable differentiating capabilities or adapt business models,

however it requires tolerance for innovation failure. Innovative products or services usually come as

a result of previous not-so-successful endeavours. Creating the right environment to support this is

key for leaders seeking game changing opportunities: success will come eventually.

The following insights highlight the importance of innovation:

‘Disruptive innovations can pose a threat for an organisation and its competitors. However they can also bring value to the business if identified and debated appropriately. Strategic plans need to be stress tested for disruptive events such as technology innovations.’

NON EXECUTIVE DIRECTOR, UTILITY AND BANKING SECTOR

‘To protect and grow revenue streams, a growing need exists for leaders to have awareness of the possibilities and threats from international innovation and technology trends, patterns and possibilities.’

DIRECTOR OF IT STRATEGY, AUSTRALIAN GOVERNMENT

‘We encourage our teams to research game changing technology and business innovation opportunities. Our leaders state it’s OK to fund, test and fail 15 times, once we develop one game changer.’

GLOBAL RISK MANAGER, FMCG SECTOR

‘Allow time for blue sky thinking in strategy development and understand leading practice.’

NON EXECUTIVE DIRECTOR, UTILITIES AND BANKING SECTOR

15 |

| 16

Leveraging technology

possibilities in enterprise strategic planning

17 |

LEVERAGING TECHNOLOGY POSSIBILITIES IN ENTERPRISE STRATEGIC PLANNING

It is important for the IT function to be involved in the enterprise strategic planning process in order

to strengthen the integration and alignment of business strategy and technology. Many companies

only view IT as an enabler to attaining their goals. However, it is becoming more common to see

technology being leveraged in strategy setting to be a shaper and influencer of strategic choices.

Technology can and should be seen as an integral partner when pursuing aspirations, as a

strategic enabler of business capabilities; and as a critical stakeholder in supporting new revenue

streams via new products, services, channels and locations. For product innovation companies

with IT at the core of their business, technology drives strategy development and planning. Unless

leaders are aware of technology possibilities and market trends, they won’t be able to integrate the

right IT related goals, measures and targets into their business strategy.

However, not all boards support technology’s involvement in the strategic planning process.

A Board advisor states ‘if you want IT at the strategy development table, it needs support from

either the Board Chair or the CEO. It’s difficult to change how a Board governs a business or its

technology, unless one of the two individuals wants to.’

Let’s take a look at findings from the Australian financial services sector and compare what

competing organisations are saying:

‘Our leadership team ‘views IT with the sparkies and plumbers of the organisation.’ IT is treated like any other resource’.


‘IT is at our strategy development table – seen as an enabler, shaper, drives debates and provides a great perspective’ .


‘A cultural shift is occurring: organisations pursuing game changing moves are now putting IT at the strategy development and planning tables’ .

COO, FINANCIAL SERVICES

A NON EXECUTIVE DIRECTOR of a competitor described how their ‘Board recognised they had a soggy approach to IT ....hired a business minded CIO and put them on the strategy development table. ...Business teams now have access to quality information and IT provides competitive advantage’ .

| 18

This organisation has since considerably improved its performance in customer satisfaction,

profitability and market share. It rates highest in share price growth over the past four years and

has the highest customer satisfaction ratings against similar sized organisations.

Before strategic choices are made, decision makers should be aware of both the opportunities

and threats from innovation and technology trends, patterns and possibilities. If they are looking

to differentiate themselves from competitors, to successfully attack the market or new market

segment, they need strong innovation and technology capabilities. Planning for alignment of the

demands of stakeholders with the right supply of IT services at the right performance levels is key

for success.

National Australia Bank (NAB) is leveraging IT as a strategic asset. They have invested in a

central social-media centre where information from customers is gathered in real-time. This in

turn helps to understand customer views and preferences learn from their experiences and take

necessary actions in strategic and operational planning sessions.

A great example of where alignment has occurred is in the inspiring business model of fashion retailer Zara. Zara’s business model senses and responds to evolving customer preferences

better than most of its competitors in a sector characterised by quick change (in customer

preferences as well as fashion itself): Zara has optimised its time-to-market capability for

designing, manufacturing and distributing new fashion garments, to 2-3 weeks as opposed to its

competitors who have an average cycle of 4-6 months. This enables them to test new designs and

scale up manufacturing when they sense a spike in customer demand for a specific

product, leaving their old designs behind them and taking revenue streams from other fashion

retail institutes.

| 18

19 |

Other disruptive organisations that leverage technology possibilities include:

SEEK’S job advertising company and Newscorp’s RealEstate advertising company REA GROUP has leveraged technology possibilities to take over large revenue income streams from the global newspaper industry;

HOYTS has leveraged technology possibilities to establish local kiosks that provide cheap and easy movies, taking over revenue streams from DVD stores;

ING DIRECT was one of the original banks to leverage technology to provide cheap and easy on-line banking and provide competitive savings rates, taking a large market share of savings accounts from bigger competitors;

AMAZON and APPLE have leveraged technology possibilities to provide e-books to Kindle and ipad users, taking revenue streams away from bookstore outlets;

DELL COMPUTERS back in the 1990’s established a just-in-time custom design-build to order ability, taking large revenue streams from mainstream dealers like IBM, HP and Compaq; and

APPLE and SAMSUNG are now leaders in handheld devices taking revenue streams from the once market leaders Nokia and Blackberry.

All these organisations share similar characteristics. In

particular, they synchronise the strategic planning process

with industry dynamics:

However not all industries and markets operate at the same

pace. Slower paced industries such as Utilities companies can

have 25 years of predictability and 20-year supplier contracts.

Financial services may traditionally have 3-5 year horizons

whereas FMCG or retail organisation’s plans may only

have months.

| 20






future state?

How do we compete



21 |

‘The recent surge in disruptive technologies and technology innovation is

impacting the predictability levels of industries such as

Financial Services’

COMMONWEALTH BANK OF AUSTRALIA

CEO IAN NAREV IN THE SMH 24 MARCH 2014

‘Static strategic plans can lead to the risk of loss of market share or not staying

in business’

‘Dynamic strategic plans can lead to risk of staff

burnout, loss of motivation from adapting too often

and possibly loss of unsatisfied staff’

GLOBAL RISK MANAGER FMCG SECTOR

| 22

INTEGRATING IT

Without IT being aligned to meet customer, regulator and business stakeholder needs, a high risk

of failure exists as highlighted through the following two professional insights:

‘Strategic alignment problems are caused by not having clear goals and a clear strategy to attain them. Strategic alignment can be promoted by frequent communications of the strategy throughout the organisation’


‘Aligning corporate strategic plans and business unit operating plans. The strategic and operational planning wheels need to have touch points across the organisation and turn in unison with each other (e.g. strategy, product, services, sales, marketing, finance, human resources and IT). In larger organisations, individuals are responsible for a single wheel, but don’t always understand the relationship with the other planning wheels.’

DEPUTY DIRECTOR GENERAL, GOVERNMENT SECTOR

Other approaches taken by organisations to strengthen business and technology alignment /

integration include:

‘Our organisation’s 3rd (long term) strategy horizon has all employees and customers using the internet for every process.’

CIO AUSTRALIAN GOVERNMENT

‘IT is integral to our business strategy formulation and execution processes.’

GM CORPORATE STRATEGY, BANKING SECTOR

‘8 business executives set business and IT strategies. Everyone is on the same page and same journey.’

COO, BANKING SECTOR

‘We only have business initiatives, sponsored by business executives. Business provides budget for IT. We don’t have any IT initiatives. IT does not sponsor projects.’

COO / CIO, BANKING SECTOR

‘We have a set of IT principles that steers direction and every technology decision.’


‘Business architecture drives our IT architecture.’

STRATEGY AND PLANNING LEAD, FINANCIAL SERVICES

‘Business capability modelling and assessments drive our investment proposals in technology.’

STRATEGY AND PLANNING LEAD, FINANCIAL SERVICES

23 |

Business teams drive business and technology innovation. This works a lot better for

us, than IT driving business innovation.’

GLOBAL RISK MANAGER FMCG SECTOR

23 |

| 24

ENTERPRISE STRATEGIC PLANNING

STRATEGIC PLANNING


plans to achieve its goals and milestones,



future state?

How do we compete



Over 40 interviews, many practitioners provided insights into how they describe strategic planning.

25 |

PRACTITIONER INSIGHTS ON STRATEGIC PLANNING

‘A strategic planning process should articulate who will do what, with which resource by when, and how it will be measured.’


‘The strategic planning process helps us determine how to win in the market and attain goals and milestones.’


‘The strategic planning process enables leaders to review the original strategy and identify how to differentiate from competitors’


‘Understand where market growth is going to happen and what lines of business to focus on. Identify initiatives that will drive performance and meet desired outcomes.’


‘Clearly articulates the organisation’s destination and the journey how it gets there. Strategic plans should help align operational plans, budgets, resources and energies.’


‘Consider strategy horizons, strategy iterations, investment capital, resources, change capacity, allocations and what is the best mix to attain goals.’


‘Have a strategy framework with a strong filter to prioritise initiatives.’

HEAD OF PORTFOLIO MANAGEMENT, ENERGY SECTOR

‘Ensure outcomes are funded.’


‘Define a plan based on available information and be flexible enough to adapt it according to environmental changes.’

EXECUTIVE DIRECTOR, NOT-FOR-PROFIT SECTOR

| 26

When an organisation’s leadership team does strategic planning for the first time they may set

aspirations for what they would like the organisation to achieve. Many organisations articulate these

aspirations as vision, mission and value statements and a desired future state. Some leaders reflect

on how to differentiate themselves from their competitors, how to compete and win in their market.

Others might focus on how their organisation should move from the current state to the desired

future state.

An organisation’s strategy is the set of goals, measures of success and milestones required,

potentially over a number of time horizons, to attain those aspirations. The set of goals and

milestones may be related to market and customer segments; products and services; channels for

selling and servicing customers; and targeted locations. This so called strategy ensures that the

organisation runs effectively and efficiently, by:

1. Ensuring there is a clear sense of purpose of the organisation (e.g. a vision and mission);

2. Ensuring the organisations operating model is optimally aligned to support the attainment of

the organisational purpose;

3. Ensuring that the organisation understands what risks they are prepared to take;

4. Ensuring that there is clear governance in place to guide the organisations actions and

ensure their continued strategic alignment; and

5. Ensuring that there are clear mechanisms for monitoring environmental changes and the

organisations progress in strategy implementation.

Planning defines the steps of how an organisation plans to achieve its goals and milestones, to

survive and be competitive in an environment characterised by change. In many cases, strategic

planning takes the form of an annual process, but it really should be a continuous process that

senses and responds to environmental change and performance results.

A strategic plan is an action plan that articulates who will do what with which resources by when

and how it would be measured. It should highlight choices on initiatives; investments (e.g. Mergers/

Acquisitions) and who is accountable to attain the benefits, manage costs and risks; the measures

of success, relevant timelines and resources required to deliver within the timelines. Planning

considers constraints such as budget, capabilities, resources and risk boundaries. Leaders should

ensure they have a strategic planning framework and process aligned to their organisation’s

industry dynamics. Synchronising the agility needs of an organisation and its strategic planning

process is key. Leaders should keep their environmental radars turned on, keep their fingers on the

pulse of the environment and ensure their organisation has the ability to react and adapt quickly.

Acknowledging technology plans or innovations by organisations in other industries is also prudent.

Based on our research, the following 2 diagrams aggregate strategic planning approaches taken by participants.

27 |

ENTERPRISE STRATEGIC PLANNING MODEL

��/��

What do we wantto achieve?

● Winning aspirations

- Vision, mission and core values

- Desired future state

● Where to win choices

- Markets

- Customer segments

- Products and services

- Channels

- Locations

● Goals, measures of success and milestones

�� :

How to achieve our aspirations, goals and milestones

How to compete and win

● Strategic planning

- Strategic analysis

- Scenario planning

- Strategic options

- Strategic choices on:

Business model

Initiatives

Investments (M/A)

Accountability

Measures of success

Timelines

Resources

● Operational plan linkage

● Employee plan linkage

�� ?

● Support agility to respond by continuously aligning plans, budgets and resources

● Strengthen alignment via enterprise architecture, balanced scorecard and service catalogues

● Organisation-wide approach

- Transformation / change

- Funding outcomes

- Resourcing outcomes

- Portfolio management of programs and projects

- Governing and managing value via benefits realisation, resource and risk optimisation

��

How are we performing?

● Market position

● Market share

● Financial outcomes

● Customer outcomes

● Operational outcomes

● People and culture

● Social outcomes

● Environmental outcomes

● Record of outcomes over the period of the plan

External environmentalforces and events

● Industry dynamics

● Market dynamics

● Customer preferences

● Competitive landscape

● Supplier and partner landscape

● Political landscape

● Economic landscape

● Social and cultural landscape

● Business innovation

● Technology innovation

● Environmental landscape

● Legal and regulatory landscape

��

Internal environmental factors

● Constraints/boundaries to work within

- Capital

- Capabilities

- Resources

- Risks

● Leadership style and change in leaders

● Organisation structure,size, expansion

● Lifecycle stage in the market

● Culture, ethics, behaviour, value system

● Operating model, change and maturity

● Change appetite and capacity

● Processes

● Risk appetite and risk profile

● Principles, policiesand frameworks

Strategic planning enablers

Governance of strategy

Strategic planning process

Environmental information

Innovation and technology

Culture

People, skills and competencies

�� , �� , ��

��

��

��

| 28

ENTERPRISE STRATEGIC PLANNING PRACTICES

CONSIDERWhat are our aspirations? (e.g. vision)

What is our desired future state? What does success look like?

What is our current state and performance?What relevant external environmental forces and events exist?

What constraints do we need to work within or change?What business changes are required?

DRIVE KEY RECOMMENDATIONSScenarios

(e.g. What opportunities, risks and challenges exist with competitive moves?)

Strategic options (e.g. How can we differentiate,

compete and win)Business model options

How will we organise ourselves to compete in our chosen arenas?

FILTER OUR OPTIONS TODEVELOP OR ADAPT OUR ROADMAP

Considering our constraints (e.g. capital, capabilities, resources, risk appetite). What tools can we use to filter and

manage our activities within these constraints and help us achieve our desired outcomes?

● A set of investment principles● Key focus areas✼

● Business cases● Constraint / boundary analysis● Alignment analysis● Benefit analysis● Resource analysis● Risk analysis● Lessons learned

Investment dependencies and sequencing Portfolio mix (e.g. growth,

transformational, stay in business).

ADAPT OUR STRATEGIC CHOICES Our strategic plan:

How will we compete and win/move from current to future state?

What will our business model be?

What initiatives or projects will we run?

What investments, mergers oracquisitions do we need to make?

Who will be accountable fordelivering each of them?

How will we measure successin each of them?

When should we start andcomplete them by?

What resources do weneed allocated?


future state?

How do we compete

and win?

What filters will drive our investment

priorities

How do we senseand respond to

market changes?

29 |

ENTERPRISE STRATEGIC PLANNING CHALLENGES

Following are problem insights captured in interviews that highlight weak strategic planning

capabilities do exist:

‘Executives do not have a common understanding of the strategy’.

HEAD OF CORPORATE STRATEGY, FINANCIAL SERVICES SECTOR

‘The loudest voice wins funding. This was a direct result of having no common understanding of the organisation’s motherhood strategy statements or strategic priorities’.

HEAD OF STRATEGY AND TRANSFORMATION, FMCG SECTOR

‘Silo-based portfolio planning leads to overlapping of initiatives and capability gaps’.

HEAD OF INVESTMENT PORTFOLIO, ENERGY SECTOR

‘We do NOT take a holistic approach to strategic planning. I am not aware of the business strategy but we do have a digital strategy.’

CTO, MEDIA SECTOR

‘We have NO formal methodology to filter or prioritise our initiatives.’

‘We have NO formal quarterly review process to review our strategy progress.’

HEAD OF STRATEGY AND TRANSFORMATION, FMCG SECTOR

‘Our executive team do not pull out the strategic plan and track progress quarterly.’

CIO, GOVERNMENT SECTOR

| 30

Overall, our interviews with 44 Board and Management team members have highlighted the

following common challenges in the enterprise strategic planning process:

1. Synchronising the strategic planning process with industry dynamics;

2. Gaining a common understanding of strategy;

3. Aligning internal competing forces;

4. Aligning plans, budgets and resources;

5. Integrating risk management;

6. Filtering / prioritising the right focus areas and initiatives;

7. Taking a holistic approach to strategic planning (siloed or no formal planning process);

8. Getting approval for large initiatives through the normal planning rhythm of the

organisation;

9. Approval of weak business cases through ineffective stage gating; and

10. Not tracking progress of strategy execution or the historical journey from the original

current state to the desired state.

31 |

Other identified challenges included: governing strategic planning; getting access to clear and

concise information; leveraging technology and innovation; nourishing the desired behaviour; and

getting the right people involved.

The above challenges are discussed in detail in ISACA Sydney Chapter’s book on: ‘Strategic Planning: 170 Insights from Australian Board and Management teams – A Guide for Board and Management teams.’

31 |

| 32

We have covered off why IT strategic planning should be integrated in enterprise

strategic planning, now let’s delve into the IT strategic

planning process.

33 |

Section II.IT strategic planning

| 34

IT Strategic Planning Practices






future state?

How do we compete



| 34

35 |

SECTION II : IT STRATEGIC PLANNING

STEPS IN IT STRATEGIC PLANNING

Every business leader has a vision for the organisation they lead. Similarly every CIO has an IT-

related vision for the IT function they lead. Converting this vision into reality however is what

differentiates exceptional CIOs from poor ones. One of the key methods these great CIOs use is IT

strategic planning which relies on adopting, transforming or leveraging new or existing technology,

processes and people.

Strategic planning enables a CIO and his/her senior leadership team to define the steps required

to achieve the goals and milestones which will make the organisation successful. These steps link

strategy development to execution in order to make business and IT related visions a reality.

The following sequence of events, successfully employed by various IT organisations in Australia,

can be used to link strategy development and execution – potentially over many years:

1. Setting the IT vision and IT strategy to attain it – Having set the business vision and aspirations,

senior leadership teams should agree on the IT-related vision and IT strategy, required to

support the achievement of business aspirations.

2. Endorsement of the strategy – validating the IT strategy with the business and the IT organisation.

This requires communicating the IT strategy and getting buy-in.

3. Executing the strategy through plans – converting the IT strategy into actionable plans that articulate

who; will do what; with which resources; by when; and how it would be measured. IT plans can

cascade from annual plans into employee performance and development plans.

4. Monitoring and adjusting strategic plans – reviewing the IT strategic plans at regular intervals, and

providing leadership support where required. This review process is important due to business

environment change, or strategic initiatives failing to yield expected outcomes.

| 36

STEP 1 Setting the IT vision and IT

strategy to attain it

37 |

STEP 1: SETTING THE IT VISION AND IT STRATEGY TO ATTAIN IT

STEP OVERVIEW Having set the business vision and aspirations, senior leadership teams should agree on the IT-related vision and IT strategy, required to support the achievement of business aspirations.

KEY REQUIREMENTS a. Senior leadership team that is committed to a shared IT-related vision that supports attainment of the business aspirations;

b. Awareness of the needs and capability requirements of the business; c. An understanding of the broader external environment and

technology possibilities; andd. An agreement of the steps required to attain the IT-related vision.

CHALLENGES a. Not understanding the business and IT requirements and constraints; b. When not all of the senior leadership team participate in the setting of

the IT-related vision and strategy.CHECKLIST a. Attaining time availability of the senior leadership team;

b. Appropriate inputs to the strategy (e.g. environment scans); andc. Agreement by the whole senior leadership team on the required IT

vision and strategy to attain it.

Strategies need to be owned by the senior leadership team as they are the individuals accountable

for making decisions that impact the entire organisation including the allocation of budget and

resources. Instances where senior leaders outsource strategy formulation to a third party, either

industry or a team member, means the executive has no ownership of the strategy.

In instances where leaders delegate strategy development to others:

1. Leaders may not fully understand the challenges that confront the organisation. e.g.

environmental changes such as successful competitor moves to absorb our market

share. The failure to understand the implications of these competitor moves may lead the

executive to under resource differentiating capabilities or even worse, not resource them

at all; and

2. A Strategic plan written by a third party may not reflect the intent of the senior leadership

team. This is because third parties such as industry consultants or team members may not

understand the challenges or the niche opportunities that may present the organisation

significant opportunity in the future.

Whilst the senior leadership team needs to set the vision, it can leverage both industry and team

members to provide critical input. (e.g. by getting insights of emerging technologies that could

disrupt the marketplace; or collating innovative ideas that could significantly improve processes to

provide competitive advantage.) This approach is invaluable for injecting creativity into the strategic

thinking of the senior leadership team.

| 38

In setting the IT vision and strategy the senior leadership team of an IT organisation can consider:

1. Desired future state of the business and the business goals and milestones required to

attain its leaders aspirations;

2. How IT can support the business in achieving its business mission. In doing so the senior

leadership team must consider the mission of the IT organisation, its IT values and IT

aspirations for the future;

3. Business competitive landscape, industry dynamics and business agility requirements to

remain competitive (or meet ministerial demands in the public sector);

4. Guiding principles that steer investment decisions and enable a desired future state;

5. IT capabilities and services required to support the desired future state business

capabilities within the risk appetite or boundaries agreed by the Board; and

6. Key challenges that confront the IT organisation, when enabling the business. A starting

point for this may include a:

a. PESTEL analysis (Political, Economic, Social, Technological, Environmental and Legal);

b. SWOT analysis (Strengths, Weaknesses, Opportunities and Threats);

c. Assessment of the current IT organisation (e.g. workforce, technology, budget,

processes, level of business trust); and

d. Constraints such as funding and risk boundaries which may limit the scope of

the strategy.

This information considered by the senior leadership team can be acquired through interviews,

workshops, information gathering and analysis.

39 |

39 |

| 40

Based on these considerations the senior leadership team can develop a strategy that enables the

IT organisation to best support the business in achieving its outcomes. This strategy

should include:

1. What innovative technologies can we deliver the business to provide it a

competitive advantage;

2. What processes need to be improved within the IT organisation;

3. What IT capabilities within the organisation are required to execute the strategy (e.g.

workforce, infrastructure). This maybe in the form of a roadmap with clearly defined

objectives and capabilities and associated timeframes; and

4. What business capabilities and organisational change capabilities are required to effectively

utilise the planned IT capability.

Consideration should be given toward grouping key strategic activities into strategic imperatives or

themes (e.g. Stabilise core IT capability). This enables differentiation of “keep the lights on”

or maintenance initiatives from transformation and innovation initiatives that may build

differentiating capabilities.

41 |

BOARDS’ ROLE IN IT STRATEGIC PLANNING

A Board should ensure1. The strategic planning process leverages technology innovation possibilities to brief,

guide and influence choices throughout the organisation;

2. IT innovations and capabilities leveraged in different industries, or in different

geographical locations are understood, strategic options debated and

choices made;

3. IT innovations and capabilities by competitors are understood, options debated and

choices made;

4. IT is seen as an enabler, shaper and drives debates of business possibilities from

technology possibilities;

5. IT SWOT analysis is undertaken considering external and internal

environmental factors;

6. IT is leveraged in strategic planning to better understand the market and

customer preferences;

7. IT is leveraged to deliver an improved service model with multiple channels;

8. IT is leveraged to reduce incremental costs;

9. IT risks are understood, debated and actioned appropriately;

10. Adequate IT resources are made available to research IT innovations, execute the

strategic plan and achieve desired outcomes;

11. IT is involved in discussions on how IT can transform the business; grow the

business; and keep you in business;

12. Board sub-committees for business innovation and technology are established

to keep their finger on the pulse of innovation, understand what is possible from

technology and what’s in the pipeline;

13. Ensure business minded Chief Innovation Officers and Chief Information Officers

report to these Board sub-committees; and

14. They have appropriate working knowledge of IT and disruptive technologies on their

Board or strategic decision making committee.

41 |

| 42

BOARD MEMBERS PROVIDE GUIDANCE TO OTHER BOARD MEMBERS

A Board should ensure:

1. ‘Strategy is understood;

2. Transparency and clarity exists of aspirations, goals, objectives, project activities, resources utilised to achieve these, timeframes and accountability;

3. Strategy is built within constraints;

4. Risk boundaries are set and worked within; and

5. A number of touch points during the year to assess progress; if necessary change goals and objectives and re-align resources.’

NON EXECUTIVE DIRECTOR, HEALTH AND TECHNOLOGY SECTORS

A Board should ensure:

1. ‘Strategic planning discussions are focused on value drivers and milestones;

2. Participants understand what drives value;

3. They offer guidance or challenge gaps in information inputs and outputs of the process;

4. All participants are constructive, respectful for each other, be there to help, to promote working together as a team, communicate using the right tone; e.g. if management believes their throats will get cut, the Board will not get information reported to them again;

5. Leaders identify strategic challenges, form a working group to do a deep dive, understand what it takes to change the business and solve the challenge;

6. Scenario planning takes place; and

7. Board sub-committees are established for IT and innovation; Understand what is possible and in the pipeline.’

BOARD CHAIR, FINANCIAL SERVICES AND NON EXECUTIVE DIRECTOR, MANUFACTURING,

FINANCIAL SERVICES, AND NFP SECTORS

43 |

Governing the IT function

‘Boards should draw a line of sight between the Board and the IT function. They can achieve this by governing the IT function through a number of governance mechanisms.

Such mechanisms can include:

1. A Board sub-committee for IT that sets direction, strategic priorities and evaluates performance;

2. An approved set of technology principles to guide all technology decisions;

3. IT committees that are decision forums for enterprise architecture, investments, IT risk management; and

4. An IT operating model that brings functions and processes together.

By governing the IT function, Boards can be better positioned to be comfortable with investment choices, benefits realisation, management of IT risks, resource allocation and overall performance.

HEAD OF IT GOVERNANCE FINANCIAL SERVICES SECTOR

43 |

| 44

DESIRED BEHAVIOUR FOR STRATEGY DEVELOPMENTIn our research, the following attributes may be used to describe a future state environment for

strategic planning. Several characteristics define leaders that are able to successfully develop

strategies. These characteristic include:

ALIGN ATTITUDES AND AMBITIONS

REMOVE ROADBLOCKS

COLLABORATION FOR ORGANISATIONAL SUCCESS

BE CREATIVE

BOXTHINK OUT OF THE

CONTINUOUS IMPROVEMENT

OPEN TO NEW IDEAS

PROBLEM SOLVING

RECOGNISE AND REWARD

45 |

| 46

‘Aligning strategy, culture and the reward system, is a good

recipe for success’

DEPUTY DIRECTOR GENERAL AUSTRALIA GOVERNMENT

47 |

LEADERS SHOULD ENCOURAGE PARTICIPANTS TO:

1. Understand the strategic planning framework, processes and roles and responsibilities;

(see roles of support functions section in ISACA Sydney Chapter’s book on enterprise

strategic planning: Strategic Planning: 170 Insights from Australian Board and Management

teams – A Guide for Board and Management teams: www.isaca.org/sydney);

2. Take a proactive approach in identifying and solving business problems;

3. Have a big picture mind set and outlook;

4. Think with a strategic headspace. All too often people come into strategy meetings thinking

about their current day to day problems – not about the long term.

5. Be creative and open to discussing and building other people’s ideas, e.g. new business

models, products, services, channels or new market or customer segments;

6. Be aware of targeted customer needs and pain points. Only then can they contribute value

to aligning the value proposition of their products and services. Invite front line staff to

contribute feedback from customers;

7. Be up to date with intimate knowledge of the business and industry they are in and know

what their competitors are doing;

8. Be working with and aligning teams involved in strategy, product, marketing, finance,

risk, portfolio management and IT and helping participants or coordinators collate

relevant information;

9. Build a common language for everyone to use and understand;

10. Inviting business innovation and technology specialists to demonstrate what new

technology or innovation opportunities can be leveraged within the current or alternative

business model;

11. Be inviting enterprise architects and business risk managers to discuss what is possible;

realistic; quantify risks and necessary mitigations; and help the other participants work

within defined parameters;

12. Be inviting IT strategists to become business strategists; and

13. Be self aware and open minded of their own biases and ensure these biases do not skew

their judgement.

http://www.isaca.org/sydney

| 48

APPROACHES TAKEN BY IT LEADERS FOR STRATEGY DEVELOPMENT

EXAMPLE 1: CIO FROM THE ENERGY SECTOR STATES:

‘Our strategy is pragmatic; simple; easy to understand; and everyone agrees it’s the right thing to do.’

His approach includes ‘understanding the business needs; understanding individual executive needs; understanding the group need; developing an IT strategy with the executives; and getting approval and sign–off.’

He states ‘to ensure we are working on the right things, it’s important to link the corporate strategic plan with IT strategy.’ To achieve this he has ‘clearly articulated the destination and journey of IT systems, where are we going and how we are getting there.’

EXAMPLE 2: CIO FROM THE GOVERNMENT SECTOR STATES:

‘Fundamentally, I start by asking and determining “what is the problem that needs to be solved”. From my experiences, in large enterprises (especially government organisations), one needs to articulate and determine the organisation’s profile, in terms of the “Status Quo” and how things get done or not done, one needs to understand the:

● Blindside of the enterprise;

● Maturity of the thinking;

● Disjointed-ness;

● Silos;

● Talk on the street; and

● Suppressed voices.

It is this CIO’s view that ‘too many large enterprises develop strategies, business plans etc. that do not address the blind side, the internal baggage of the organisations net effectiveness (i.e. the true issues are not called out to be addressed). Then, the execution of any plan will be inherently impeded by the relative portion of the dysfunctions that exists within the organisation.’

The CIO states, ‘would you ask a dysfunctional child to write a strategic plan? Like Einstein said, problems cannot be easily solved from the mindset that created them in the first place. Thus it takes future vision and courage to look into the rear-view mirror and ask the hard questions to truly write a functional i.e. effective strategy that will deliver exponential rewards and outcomes to and for the organisation.’

49 |

EXAMPLE 3: CIO FROM THE GOVERNMENT SECTOR STATES:



‘Our future state enterprise architecture drives investment decisions’

Our IT organisation is not set up as a service model, as it does not work if the service fails. Instead we aim to have the ability to respond to an event. Our IT function partners with the business, we all play a role in re-designing business processes.’

‘We don’t just follow our job descriptions, we go beyond our job descriptions, by gathering people together, understanding their problems and look to how we can improve the way we do things.’

EXAMPLE 4: HEAD OF IT GOVERNANCE FROM THE FINANCIAL SERVICES SECTOR STATES:

‘We identify the key corporate wide business capabilities required to attain our goals;

We identify the key IT component of those business capabilities; and

We identify and aim to close our key capability gaps through our investment prioritisation process.’

| 50

‘IT strategy plays a role in enterprise strategic planning by:

1. Aligning IT to the needs of the organisation;

2. Providing clarity around the vision of IT in the organisation;

3. Communicating the value of IT to the organisation (e.g. achieving performance targets, satisfying consumers, outperforming competition);

4. Ensuring that the organisation has a shared understanding of the risks associated with the IT environment – both current and emerging; and

5. Informing enterprise planning of the IT priorities that must be pursued if the full value of IT is to be realised.’


IT STRATEGY

‘Enterprise Architecture plays a role in strategic planning by providing a:

1. View of what is possible in strategy setting (leveraging knowledge of current and future technologies);

2. View of business and IT capabilities and the gaps that need closing;

3. Business technology view and roadmap for the organisation;

4. Technology requirement view for each initiative;

5. Big picture view of technology requirements across the organisation with opportunities to collaborate and make the right change at the right time; and

6. View on delivery and prioritisation.’

PRINCIPAL ARCHITECT, FINANCIAL SERVICES

ENTERPRISE ARCHITECTURE

| 50

51 |

APPROACHES TAKEN BY IT LEADERS TO INTEGRATE RISK MANAGEMENT

In order for a business to deliver products and/or services, it needs to accept a certain amount

of risk. If it has a zero risk appetite, it could not open its doors for business. In strategic planning,

it is important for Boards and Management teams to discuss what risks they are willing to take in

pursuit of their aspirations. How much pain are they willing to accept while doing certain

business activities.

Risk management plays a role in strategic planning by:

‘Ensuring a risk appetite statement is:

Relevant to the dynamics of the industry and the entity

Clearly articulating boundaries and measures for the entity to work within;

Developed by the Board as opposed to management teams developing their own boundaries to work within;

Leveraged by the Board to hold Management to account to ensure their strategy is within the agreed boundaries;

Leveraged by the Board as a gateway; If proposed strategy is outside of agreed boundaries, that the Board be involved to discuss opportunity, value and risks and decide on whether the opportunity is worth tolerating or not;

Organisations should also consider having a risk manager in the group strategy team.’

GROUP RISK MANAGER, FINANCIAL SERVICES

IT risk management may be integrated by:

1. Scenario and contingency planning; and

2. Stress testing of the business model and strategy against disruptive technology innovations.

When it comes to discussing its appetite for technology, leaders may choose to invest in bleeding

edge, leading edge or 1 step behind the front runner. These technology decisions may be included

in an enterprise, business unit or specific IT risk appetite statement.

Including IT in enterprise strategic planning may become a policy, or boundary that may not

be breached.

A decision to in-source, out-source or near-source technology capabilities may be included as

a boundary.

IT risk management plays a role in strategic planning by ensuring proposed initiatives or investments comply

with items such as IT policies, future state architecture standards and security standards.

| 52

PROBLEM INSIGHTS: INTEGRATING RISK MANAGEMENT IN STRATEGIC PLANNING

‘Not enough consideration for integrating risk management in strategic planning.’

BOARD CHAIR, FINANCIAL SERVICES

‘Risk management is an afterthought in strategic planning for many organisations.’

GROUP RISK MANAGER, FINANCIAL SERVICES

‘I’ve not seen risk management integrated with strategic planning’

BUSINESS CONSULTANT

53 |

Now let’s examine ISACA’S COBIT 5 Framework guidance

on developing an IT strategy

| 54

55 |

ISACA’S COBIT 5 FRAMEWORK: GUIDANCE ON STRATEGY DEVELOPMENTISACA’s COBIT 5 framework provides an approach to governing and managing information and

technology. It’s the result of many subject matter experts around the globe who have contributed

to the profession through highlighting practices they have effectively used. One of these practices

focuses on managing the strategy process.

COBIT 5 highlights approaches for describing the IT strategy process and its purpose; the desired

outcomes; activities; and both inputs and outputs to the process. Organisations may consider

customising the relevant components within their own environment.

PROCESS NAME MANAGE STRATEGY

PROCESS

DESCRIPTION

Provide a holistic view of the current business and IT environment, the future direction and initiatives required to migrate to the desired future environment;

Leverage enterprise architecture building blocks and components, including externally provided services and related capabilities to enable nimble, reliable and efficient response to strategic objectives.

PROCESS PURPOSE Align strategic IT plans with business objectives;

Clearly communicate the objectives and associated accountabilities, so they are understood by all;

Identify IT strategic options, ensuring they are structured and integrated with business plans.

PROCESS OUTCOMES All aspects of the IT strategy are aligned with the enterprise strategy;

The IT strategy is cost effective, appropriate, realistic, achievable, enterprise-focussed and balanced.

| 56

BASE PRACTICES Understand the enterprise direction.

Consider the current enterprise environment; business processes; enterprise strategy and future objectives.

Consider the external environment of the enterprise (e.g. industry drivers, relevant regulations, basis for competition)

Assess the current environment, capabilities and performance.

Assess the performance of the current internal business and IT capabilities and external IT services; Develop an understanding of the enterprise architecture in relation to IT; Identify issues currently being experienced and develop recommendations in areas that could benefit from improvement; Consider service provider differentiators and options; the financial impact, potential costs and benefits of using external services.

Define the target IT capabilities.

Define the target business and IT capabilities and required IT services. This should be based on the understanding of the enterprise environment and requirements; the assessment of the current business process and IT environment and issues; and consideration of reference standards, best practices and validated emerging technologies or innovation proposals.

Conduct a gap analysis.

Identify the gaps between the current and target environments; Consider the alignment of assets (the capabilities that support services) with desired business outcomes, to optimise investment in and utilisation of the internal and external asset base; Consider the critical success factors to support strategy execution.

Define the strategic plan and roadmap.

Create a strategic plan that defines, in co-operation with relevant stakeholders, how IT-related goals will contribute to the enterprise’s strategic goals; Include how IT will support IT-enabled investment programmes, business processes, IT services and IT assets; Direct IT to define the initiatives that will be required to close the gaps, the sourcing strategy and the measurements to be used to monitor achievement of goals, then prioritise the initiatives and combine them in a high level road map.

Communicate the IT strategy and direction.

Create awareness and understanding of the business and IT objectives and direction, as captured in the IT strategy, through communication to appropriate stakeholders and users throughout the enterprise.

Please refer to the ISACA COBIT 5 framework for information on the inputs and outputs of the

strategy process.

ISACA provides guidance that the achievement of goals is related to a number of enablers. ISACA

also states that the objectives of these enablers should be discussed and approved within the

strategic planning process.

57 |

Enablers include the relevant principles, policies and frameworks for:

1. Processes

2. Organisation structures (e.g. governance mechanisms/decision making forums/committees)

3. Culture, ethics and behaviour

4. Information

5. Services, infrastructure and applications

6. People, skills and competencies

ISACA has a range of guidance material that can be leveraged in strategic planning. COBIT 5

Framework includes a generic list of enterprise goals that are mapped to IT related goals and

cascaded further into generic enabler goals. This framework can be downloaded from:

www.isaca.org/COBIT/Pages/Product-Family.aspx

http://www.isaca.org/COBIT/Pages/Product-Family.aspx

We have covered what ISACA’s guidance is on IT strategy development,

now let’s examine ITIL’s guidance.

| 60

ITIL GUIDANCE ON STRATEGY DEVELOPMENT

The purpose of a service strategy is to articulate how a service provider will enable an organization

to achieve its business outcomes; it establishes the criteria and mechanisms to decide which

services will be best suited to meet the business outcomes and the most effective and efficient way

to manage these services. Strategy management for IT services is the process that ensures the IT

service strategy is defined, maintained and achieves its purpose.

In speaking to a technology lead in Government sector, she states:

‘The objectives of strategy management for IT services is to:

1. Analyse the internal and external environments to identify opportunities that may benefit the

organisation;

2. Identify constraints that may prevent the achievement of business outcomes, the delivery or

management of services; and define how those constraints may be changed, removed or

their effects reduced;

3. Agree the perspectives that will result in a clear statement of the vision and mission of the

service provider and review regularly to ensure continued relevance;

4. Establish the position of the service provider relative to its customers and other service

providers. This includes defining which services will be delivered to which market spaces,

and how to maintain competitive advantage;

5. Produce and maintain strategic planning documents and ensure that all relevant

stakeholders have updated copies of the appropriate documents. This will include the IT

strategy, the service management strategy and where appropriate, the strategic plans for

each service;

6. Ensure that strategic plans have been translated into tactical and operational plans for each

organisational unit that is expected to deliver on the strategy;

7. Manage changes to the strategies and related documents, ensuring that strategies keep

pace with changes to the internal and external environments.’

61 |

STEP 2 Endorsement of the strategy

| 62

STEP 2: ENDORSEMENT OF THE STRATEGY

STEP OVERVIEW: In this step the IT Vision and IT strategy is communicated to key stakeholders for comment. Where stakeholders provide comment the senior leadership team must agree on what action to take. Once this process is complete the senior leadership team must endorse the IT vision and IT strategy for implementation.

KEY REQUIREMENTS: Identification of key stakeholders (e.g. external and internal customers and partners);

Communicating the strategy to the key stakeholders;

Analysing comments provided by key stakeholders and determining what action to take;

Providing feedback to key stakeholders; and

Getting endorsement of the strategy from the senior leadership team.CHALLENGES: Not identifying or engaging the right or key stakeholders; and

Failing to provide sufficient time for key stakeholders and the senior leadership team to provide and action appropriate comments.

CHECKLIST: Do you have a list of key stakeholders and their contact details;

Do your Board, Executive team and operational leaders have a common understanding of the desired future state, business strategy and priorities?

Do operational leaders in support functions have a common understanding of the strategic and operational plans across all business functions?

Are there effective communication practices in place to disseminate the understanding?

Seeking to lead an organisation without followers is futile – in fact it would be like a general without

an Army. It is the same with a strategy. A strategy that provides direction for an organisation, but

fails to win the hearts and minds of key individuals required to execute the strategy is likely to fail.

For instance:

If a key strategic imperative is to improve data quality within the organisation, both the business and the IT organisation will be required to work together. If the business does not support this imperative, resources required to determine what data is currently critical may not be made available to support this imperative. Conversely, if the IT organisation does not support this imperative, capabilities such as automated data cleansing that can be leveraged to improve data quality, may not be applied.

63 |

As evidenced by this example both the IT organisation and the business it supports must work

together in order for the strategic intent to be realised. In order to achieve this everyone in the

organisation must be on the same page. This requires ensuring that the strategy is

either developed:

1. In unison with the business so they fully understand the strategy and buy-in to the strategy;

or

2. By the IT organisation and then communicated to the business and adjusted based on

business feedback prior to being finalised.

Through either of these two approaches the business and IT executives can align business unit

strategies and a supporting IT strategy. This is likely to ensure that resources are made available to

execute the strategy and that appropriate service levels are defined.

| 64

COMMUNICATIONA strategy must be communicated in a manner that is:

1. Clear, concise and targeted;

2. Simple and easy for everyone to understand;

3. Aligning the understanding of leaders; staff; business partners; suppliers; customers and

regulators; and

4. Transparent, communicated and have its understanding tested.

A strategy should be pragmatic, simple and easy to understand.’ As a result, everyone quickly agrees on the right things to do in their strategic planning sessions. They can easily translate their strategy into programs and projects and get quick wins.

CIO, ENERGY SECTOR

Another important consideration is communicating the strategy to other parties beyond the

business to encourage ownership and accountability of the strategic plan. These parties include:

1. Industry partners – including vendors, outsourcers and service providers - that must

understand the strategy if they are to successfully contribute to helping the organisation

achieve its strategic intent. For instance, a commitment to delivering innovative and leading

edge technologies to consumers may be enabled by industry business partners providing

the organisation access to technologies not realised yet by the market. Here the organisation

and industry partner, through the alignment of their strategies, may mutually work together

to support each other in growing their market share. For example e.g. ING DIRECT Australia

expanded their research capacity and innovation possibilities by partnering with industry

leaders CISCO, Dimension Data, Microsoft and NetApp. They enabled ING Direct’s

innovative ‘Bank in a Box’ model to fast track their testing environments of new services and

applications from 3 months to 10 minutes.

2. Employees that will be required to improve processes and run activities required by the

strategy. Employees that do not understand the strategy or are unaware that a strategy even

exists are very unlikely to contribute to its realisation. Communication to employees can

help ensure that employees understand the strategy and obtain their buy-in. This can be

achieved either during the development of the strategy via workshops, or after the release

of the strategy via briefings. Giving the guidance of what goals and milestones are set and

an environment where creativity is encouraged, employees can build on each other’s ideas

to provide innovative solutions to solving problems and revenue growth opportunities.

In communicating the strategy to these parties it’s important that the parties feel that the

organisation is moving forward and also that their contribution to realising the strategy is important.

65 |

STEP 3 Executing the strategy

through plans

| 66

STEP 3: EXECUTING THE STRATEGY THROUGH PLANS

STEP OVERVIEW In this step the strategy is converted into actionable plans that articulate who, will do what with which resources, by when and how would it be measured

KEY REQUIREMENTS Allocation of resources for duration of planning period (e.g. people and finance);

Actionable tasks that are assigned to individuals with resources, timeframe and measures of success; and

Ensuring tasks assigned to individuals are clearly communicated, accepted and assigned to those individuals.

CHALLENGES Ensuring that all actionable tasks fall within the overall allocation of available resources and risk boundaries for the planning period; i.e. ensure outcomes are funded.

CHECKLIST: Resource allocation guidance (e.g. budget and manning allocation);

Senior leadership endorsement of plan; and

Tasks are correctly handed over to individuals responsible for the task.

Having great ideas for the future in a strategy isn’t enough. These ideas must be executed. This

requires answering:

WHO WILL DO WHAT WITH WHICH RESOURCES BY WHEN, AND HOW WOULD IT BE MEASURED.

A plan provides this answer by capturing this information into an agreed document. An effective

plan is aligned to the strategy and cascades through to employee performance and development

plans. This enables the strategy to be executed and articulates to employees their role in executing

the strategy.

67 |

ISACA’s COBIT 5 Framework provides a list of generic business goals being cascaded into generic

IT-related goals and in turn being cascaded into IT enabler goals. These may be a starting point

for discussions.

Fundamental to developing an IT plan is understanding what resources are available. These

resources may include financial, human and infrastructure. For instance, expanding computing

infrastructure to meet expected demand for IT services is unlikely to be delivered without financial

and appropriately skilled human resources. Where these resources are unavailable alternate

approaches, such as cloud computing, may need to be explored to achieve the intent of the

strategy. In order to develop a budget with fixed resources tools can be used to determine the

planned resource usage. This should be equal to less than the available resources (e.g. in the

example below if the organisation only had $2 million dollars it would be unable to undertake

both activities).

Once resource constraints are understood activities can be identified and prioritised. These

activities could include process improvement, service improvement, policy development,

technology implementation, operating model refinement and data improvement. Each of the

activities is likely to impact various parts of the IT organisation (plan, build, run and govern) and

may also impact business and industry.

Risk boundary constraints need to be understood and worked within during the strategic planning

and implementation phases. Exceptions should be discussed and agreed by the relevant

governing body.

| 68

STEP 4 Monitoring and adjusting

strategic plans

69 |

STEP 4: MONITORING AND ADJUSTING STRATEGIC PLANSStep overview: In this step the strategic plans are reviewed at regular intervals, and

where necessary, fine-tuned based on business environment changes, or

strategic initiatives that fail to yield expected performance or outcomes.Key requirements: a. Reporting of tasks against agreed measures of success on a frequent

basis;

b. Review of the reporting by the senior leadership on a frequent basis.

Where measures of success are not being achieved the senior

leadership team must make a decision (e.g. invest more resources,

close or modify); and

c. Adapting the strategic plan where planned tasks are not achieving

the measures of success required by the organisation or the external

environmental changes.Challenges: a. Securing resources to monitor and provide reporting to the senior

leadership team on the achievement of tasks in the plan;

b. Understanding when to terminate a task or invest further resources

into a task; and

c. Finding time for the senior leadership team to meet and review

progress of tasks against the time;Checklist: a. Strategic plan updates dictate swift re-allocation of budget and

resources;

b. Appraisal of performance reporting of tasks provided to the senior

leadership (e.g. balanced scorecards);

c. Tasks that require attention; and

d. Environmental changes brought to the attention of the senior

leadership team.

Many assumptions that underpin a strategy and the resultant plans may not survive contact with

the real world or fail as the environment changes. A good example of this is the iPhone and it’s

disruptive impact on the telecommunications market.

Before the release of the iPhone in June 2007 manufacturers such as Nokia, Motorola and Blackberry dominated the mobile phone market. However most of these mobile phone manufacturers failed to quickly adapt their strategic plans to focus on developing new phones that could challenge iPhone and it’s consumer friendly design. This failure has arguably led to many of these manufacturers that dominated the pre-iPhone era to lose significant market share and profits.

| 70

In order to respond to a changing world, and avoid the unfortunate position that companies such

as Blackberry are now in, strategic plans must be monitored. This requires regular leadership

meetings to discuss performance against the strategy and plans and address existing or emerging

problems. It may also require input that includes independent review and assurance by the risk

management or audit functions to ensure the strategic plans are on track.

Tracking realised benefits, residual risks and resources utilised over the strategy horizon is

important. Given performance and environmental change, leaders should also review the set

of goals and milestones required to attain aspirations and ensure they are fit for purpose. Many

organisations strive to gain advantage by having the ability to sense and respond to change quicker

than their competitors. Having the ability to adapt plans, budgets and resources quickly is key.

IMPORTANCE OF INFORMATION IN MONITORING AND ADJUSTING STRATEGY

Understanding external environmental change can feed change requirements internally. Business

capabilities may need to be scaled up or down; key focus areas derived; business cases written,

investment priorities set and the best mix of investments in play.

Getting the right balance between too little and too much information is a difficult task to achieve.

Different stakeholders desire different amounts of information to debate options. The key is to

provide material information up front and allow stakeholders to do a deep dive if and when they

want to. It must be simple to understand and actionable. This is reflected in the following quotes

from professionals:

‘Boards are not ensuring the right information is being fed into the discussions.’

DIRECTOR AND BOARD ADVISOR

‘Boards are receiving excessive information packs’

NON EXECUTIVE DIRECTOR, FINANCIAL SERVICES & MANUFACTURING SECTORS

71 |

‘Not keeping our finger on the pulse of the market.’

‘Not keeping our radar on to sense the market changes and report relevant environmental information.’

STRATEGY PRINCIPAL, FINANCIAL SERVICES

‘Correctly identifying the focus areas.’

COO,FINANCIAL SERVICES

We identify the key capabilities required to deliver our strategy, gaps in those capabilities and then allow that information to steer our investment discussions.’


‘Information is key to strategy.’

‘Boards want quality information as early as possible to underpin the decision making process.’

NON EXECUTIVE DIRECTOR, BANKING AND RESOURCE SECTORS

'Our Board members desire clear, concise quality information reports allowing discussion and debate of alternative options. We do not want the big information packs as they constrain discussions.'

NON EXECUTIVE DIRECTOR, FINANCIAL SERVICES & MANUFACTURING SECTORS

We identify the key capabilities required to deliver our strategy, gaps in those capabilities and then allow that information to steer our investment discussions.’


‘Need to keep your organisation’s radar on and report information that can impact business performance or how you compete’

STRATEGY PRINCIPAL, FINANCIAL SERVICES

| 72

CHALLENGE: ALIGNING PLANS, BUDGETS AND RESOURCE ALLOCATIONS

Boards get frustrated when they have agreed to change strategy, budget and related resources, but find the executive team still working on finishing projects that are no longer aligned to their revised strategy. There is a fine balance between keeping the workforce motivated by delivering projects to a close and changing the direction of the organisation to adapt to market changes.

NON EXECUTIVE DIRECTOR, FINANCIAL SERVICES, MANUFACTURING AND DISTRIBUTION

How well aligned are your organisation’s

strategy and initiatives?

Does your organisation cancel projects?

73 |

Expert Insights

| 74

EXPERT INSIGHTS‘Establish a Board sub-committee for technology – understand what is possible and in the pipeline.’

NON EXECUTIVE DIRECTOR, MANUFACTURING AND FINANCIAL SERVICES

‘Board membership or every strategy decision making committee should include an individual with working knowledge of IT or disruptive technologies’


‘We have a set of IT principles that steer direction and every technology decision.’


It's looking at the costs and payback of the plan. We are currently requiring payback within 12 months of the investment, which is pretty aggressive I think. So for a 3 year plan we need payback of the first year's expenditure in the second year, payback of the second in the third, etc.”

CIO, FINANCIAL SERVICES

‘IT is integral to our business strategy formulation and execution processes.’

GM CORPORATE STRATEGY, BANKING;

‘8 business executives set business and IT strategies. Everyone is on the same page and same journey.’

COO, BANKING SECTOR;

‘We only have business initiatives, sponsored by business executives. Business provides budget for IT. We don’t have any IT initiatives. IT does not sponsor projects.’

COO / CIO, BANKING SECTOR;


CIO AUSTRALIAN GOVERNMENT;


CIO, AUSTRALIAN GOVERNMENT;

‘Business architecture drives our IT architecture.’

STRATEGY AND PLANNING LEAD, FINANCIAL SERVICES;

‘Business capability modelling and assessments drive our investment proposals in technology.’

STRATEGY AND PLANNING LEAD, FINANCIAL SERVICES;

‘Business teams drive business and technology innovation. This works a lot better for us, than IT driving business innovation.‘

GLOBAL RISK MANAGER, FMCG SECTOR.

75 |

SELF ASSESSMENT QUESTIONS

1. Do all strategic planning participants understand strategic threats and opportunities from

technology and innovation possibilities?

2. Does your organisation continuously report and debate disruptive technology options (existing

or emerging) that can improve your business model?

3. Does your organisation have business model vulnerabilities exploited by competitors, or do you

have an aggressive strategy that’s causing a threat on their patch?

4. How does your organisation balance and control short and long term investments in IT?

5. Are strategic planning decisions cascaded into the enterprise architecture?

6. How does technology transform your business; grow your business; keep you in business; what

is possible? What is realistic?

7. Does your Board approve business values, principles or policies to learn and innovate?

8. Does your organisation seek reports on international innovation, trends, patterns and

possibilities?

9. Do all strategic planning participants understand strategic threats and opportunities from

innovation possibilities?

10. Does your organisation debate innovative options that can improve your product, service or

channel portfolio?

11. Does your organisation do scenario planning and mitigate the risks of loss of revenue streams

due to either new market entrants or having to compete against superior business models?

| 76

SAMPLE IT STRATEGIC PLANS

AUSTRALIAN PARLIAMENT HOUSE IT STRATEGIC PLAN ON A PAGE:

Source: http://www.aph.gov.au/About_Parliament/Parliamentary_Departments/Department_of_Parliamentary_Services/Publications/ICT_Strategic_Plan_2013_-_2018

77 |

AUSTRALIAN DEPARTMENT OF IMMIGRATION AND BORDER PROTECTION IT STRATEGIC PLAN ON A PAGE

Source: http://www.immi.gov.au/about/plans/ict-plan/

| 78

Conclusion

79 |

CONCLUSIONAs customer preferences and competitors constantly evolve, technology’s role has increased

dramatically in supporting organisations attack or respond to environmental change.

Technology can and should be seen as an integral partner when pursuing aspirations, as a strategic

enabler of business capabilities; and as a critical stakeholder in supporting new revenue streams via

new products, services, channels and locations. Leaders need to integrate the right IT related goals,

measures and targets into their business strategy.

IT strategy is about having an IT-vision that supports the business-vision and working together to

realise both. This is not realised through sheer chance but through a sequence of steps to develop

the IT strategy and execute it through a strategic plan:

1. Setting the IT vision and IT strategy to attain it;

2. Endorsement of the IT strategy;

3. Implementing the IT strategy through plans; and

4. Monitoring and adjusting the IT strategic plan.

The process described here requires ongoing time and commitment, which explains why many

organisations tend to overlook it. However, it is worth the effort as organisations that fail in IT strategic

planning also tend to fail in realising their IT vision.

By applying the basics contained in this document, you should have the foundation to be a

successful CIO or member of a senior leadership team. Beyond these steps an extensive body of

knowledge has evolved that you can also leverage to help you realise your organisation’s vision for IT.

One such body of knowledge is that found in ISACA’s COBIT 5 framework that highlights approaches:

1. For describing the IT strategy process and its purpose;

2. The desired outcomes;

3. Activities; and

4. Both inputs and outputs to the process.

As we mentioned at the opening of this e-book:

When debating how your organisation can improve IT strategic planning, it is important to

acknowledge different perspectives. Ask your team to read the insights, answer the checklist

questions and discuss:

i. What works well with our organisation’s approach to IT strategic planning?

ii. What changes must we make in our next cycle?

Wishing you continued success with IT strategic planning.

David Roche and Eric Kordt

| 80

Appendices

81 |

APPENDICES

APPENDIX 1: ABOUT THIS E-BOOKPurpose The purpose of this e-book is to highlight insights in IT strategic planning and the building of an

effective IT strategic planning capability. Acknowledging perspectives and problems of different

participants will help facilitate the debate of how organisations can improve IT strategic planning.

ApproachResearch for this e-book was based on qualitative interviews conducted throughout 2013 and 2014.

All statements and contributions made by participants were provided with a view to contribute to

the profession and improve awareness of challenges and good practices in strategic planning.

All comments made were off the record and do not represent statements from any organisation.

Participants all work in Australian organisations of different sizes and from different sectors.

With the partnership of itSMF, ISACA Sydney Chapter’s President David Roche (April 2012 – April

2014) interviewed 44 Board and Management team members across different sectors, who were

keen to contribute to the profession and willing to share their insights, challenges and expert tips.

With the support of Dr Eric Kordt, the IT related findings are being published in this ISACA Sydney

Chapter / itSMF e-book on ‘IT Strategic Planning’.

Enterprise related strategic planning findings are being published in a 150 page ISACA Sydney

Chapter e-book that includes the integration of IT in enterprise strategic planning. Many expert

tips from these interviews and diagrams appear in both publications. For those readers interested

in enterprise strategic planning please refer to the e-book on ‘Strategic Planning: 170 insights

from Australian Board and Management teams – A guide to strategic planning for Board and

Management teams’.

| 82

APPENDIX 2: ISACA’S COBIT 5 FRAMEWORK

ISACA’s COBIT 5 framework helps organisations govern their information and technology.

Examples of its use:

The Board of ISACA International leveraged COBIT 5 to develop its international strategy;

An Australian Bank leveraged COBIT 5 in developing a business capability assessment model;

Many consulting firms, IT and Audit functions leverage ISACA’s COBIT framework to implement

good practices, improve the performance of the IT function and enable trust in and value from their

information systems.

The framework provides a consolidation of practices used by subject matter experts across the

globe on how to:

1. Evaluate the organisation’s needs and direct IT;

2. Align, plan and organise IT;

3. Build, acquire and implement IT;

4. Deliver, service and support IT; and

5. Monitor, evaluate and assess IT.

The framework breaks the IT function up into a number of processes, one of which is managing

strategy.

At a high level, the guidance provided in COBIT 5 on developing an IT strategy is:

1. Understand the enterprise direction;

2. Assess the current environment, capabilities and performance;

3. Define the target IT capabilities;

4. Conduct a gap analysis;

5. Define the strategic plan and roadmap; and

6. Communicate the IT strategy and direction.

For more information on ISACA’s COBIT 5 framework, please refer to www.isaca.org/COBIT

http://www.isaca.org/COBIT

83 |

APPENDIX 3: ISACA’S GOVERNANCE OF ENTERPRISE IT CERTIFICATION

ISACA’s certification exam on Certified in the Governance of Enterprise IT (CGEIT) tests an

individual’s knowledge, experience and judgement in:

1. Strategy management;

2. Benefits realisation;

3. Risk optimisation;

4. Resource optimisation; and

5. IT governance frameworks.

The strategy management module provides guidance to define and implement a strategic planning

framework that:

1. Promotes integration and collaboration of business and business unit plans;

2. Leverages an enterprise architecture framework;

3. Ensures strategic planning is adequately documented, transparent and meets

stakeholder needs;

4. Maintains and updates business unit management plans, artefacts and standards for the

organisation (include enterprise architecture principles, framework and components);

5. Develops policies and procedures for strategic planning;

6. Ensures policies and procedures exist, are understood and followed;

7. Understands the barriers and influences of strategic alignment;

8. Ensures effective communications and engagement exists between business and IT

(if separate functions);

9. Identifies and takes action on barriers to alignment;

10. Ensures all initiatives are aligned with business objectives and priorities. Ensure scope,

objectives and promised benefits within each portfolio of programs and or projects are

aligned with business objectives and priorities;

| 84

11. Ensures business and IT goals cascade throughout the organisation into clear roles and

responsibilities and actions;

12. Identifies and monitors interdependencies of strategic initiatives and impact on value and

risk measures;

13. Monitors and assesses current and future technologies and provide advice on

opportunities, costs and risks that they bring; and

14. Monitors, evaluates and reports on the effectiveness of alignment of enterprise

strategic initiatives.

For more information on this ISACA certification, please refer to www.isaca.org/CGEIT.

http://www.isaca.org/CGEIT

85 |

ABOUT OUR PROFESSIONAL ASSOCIATIONS

ISACA is an international Not-For-Profit member-based professional association. It provides

professional development; research and advocacy; publications; frameworks and certifications on

a global basis for assurance, governance, risk management and information security professionals.

ISACA at an international level has 200 chapters ran by volunteers and over 110,000 members.

3,000+ members in Australia.

Strategy and governance professionals leverage ISACA’s COBIT 5® framework and CGEIT®

certification to set strategies, govern and manage the IT function. ISACA member segments in

Australia include Non Executive Directors, C-Level executives, Directors and specialists in strategy

and architecture, assurance, governance, risk and information security.

itSMF (IT Service Management Forum) is an international Not-For-Profit member based

professional association. itSMF provides professional development, networking, best practice

advice and publications.

A major contributor to industry 'best practice' and Standards worldwide, itSMF works in

partnership with a wide range of governmental and standards bodies around the world. It focuses

on providing a framework to structure IT-related activities and the interactions of IT technical

personnel with business customers and users.

Originally formed in 1991, there are now 56 national itSMF chapters in an ever-increasing number of

countries. On average, at least five new chapters are formed annually contributing to a worldwide

membership in excess of 15,000.

Professionals looking to develop and implement an ICT strategy in which business alignment and

the positioning of ICT as a business service is to the forefront leverage the ITIL® framework. There

are a well established set of ITIL® certifications and qualifications including a Service Strategy

certification. All ‘ITIL Experts’ and ‘ITIL Masters’ are qualified in IT Strategy. ITSMF members

have developed the ISO/IEC20000 global IT service management standard. itSMF has over 2,500

members across Australia. ITIL® is a registered trademark of Axelos PLC.

| 86

ACKNOWLEDGEMENTSISACA and itSMF are very honoured to be in a position to thank 44 amazing business leaders

who have volunteered their experiences via interviews on strategic planning. Many thanks for your contributions to the profession! You made this professional development e-book on IT strategic planning

possible. Special thanks to all of you and to the following expert reviewers who came on the

journey to provide a difference to the business community by validating, guiding and inspiring the

content of this IT strategic planning e-book:

Matthew Smith – an encouraging friend who is a CIO in the Australian government sector;

Justin Clarke – a technology lead in the financial services sector and former Director of itSMF

Christopher Molloy – a leading Portfolio manager in the energy sector;

Jennifer Foo, Lambros Lambropoulos and Paras Shah – 3 passionate assurance

professionals and Directors of ISACA Sydney Chapter; and

Claire Brereton and Brad Busch – 2 passionate IT professionals and Directors of itSMF.

To Brad Busch, Claire Brereton and Juliet Chandler, thank you for arranging interviews with your

colleagues to support this research. Thank you for getting me access to several incredible

business leaders.

To my designer Katherina Bilko of www.sydneyphotographyanddesign.com, you have amazing

talent as a photographer and designer. Many thanks for all the hard work you provided on the

design and graphics in this book.

http://www.sydneyphotographyanddesign.com

87 |

ABOUT OUR AUTHORS

DAVID ROCHE FORMER PRESIDENT ISACA SYDNEY CHAPTER

David was born in Dublin, Ireland and moved to our sunnier shores of Sydney, Australia in 2000.

He has 8 years volunteer Board experience, including 2 years as President/Board Chair, working

with a fantastic team running ISACA Sydney Chapter.

With a burning desire to make a difference to the business community, he voluntarily spent most of

his 2nd year as President, researching and writing on strategic planning practices. He interviewed

44 Board and Management team members across different sectors, who were keen to contribute

to the profession and willing to share their insights, challenges and expert tips. He published his

findings in:

1. ISACA Sydney Chapter's e-book on enterprise strategic planning: ‘Strategic Planning:

170 Insights from Australian Board and Management teams – A Guide for Board and

Management teams’; and

2. With the support of Dr Eric Kordt on IT strategic planning this: ISACA Sydney Chapter

/ itSMF e-book.

David is an independent consultant at Governance Architects. He has 23 years experience solving

business problems for boards; corporate strategy; business architecture; portfolio management;

IT and risk management functions. He holds ISACA’s certifications CGEIT and CRISC. David

recently finished his 2-year term as ISACA Sydney Chapter's President.

| 88

DR. ERIC KORDT STRATEGY AND ENTERPRISE ARCHITECTURE PROFESSIONAL

Having served in the Australian Army (infantry and signals corp) for almost 10 years Eric has

practical experience in leading troops on active military service, solving complex problems under

pressure and leveraging strategy and planning for best effect. With this body of experience Eric

transitioned to the industry where he led several business improvement initiatives before finally

transitioning into the public service where he has been actively involved in IT strategy, planning,

enterprise architecture and business process improvement for the past 8 years. Eric has been a

member of itSMF through his employment in the government sector.

Building on this practical experience Eric has undertaken voluntary work including:

1. Researching and writing material for the Australian National University Public Sector

Linkage Program with the Bangladesh Public Administration Training Centre; and

2. Chairing the Australian Computer Society Annual Conference in 2010.

Eric has various degrees and industry certifications including a Masters of Science (Information

Systems) and a Doctorate of Business Administration. He is in the process of completing a Masters

of Juris Doctor this year.

89 |

DISCLAIMERThis e-book has been written primarily as an educational resource to assist individuals with IT

strategic planning. ISACA Sydney Chapter, itSMF Australia and the authors make no representation

or warranties whatsoever with regard to the content or assurance that if they implement all of the

content that they will have an effective IT strategic planning process.

The content and views portrayed in the book are not those of ISACA, ISACA Sydney Chapter, itSMF

or itSMF Australia. Readers are expected to customise or adapt the findings or concepts in this

book, according to their organisations size, age, maturity, complexity and nature.

RESERVATION OF RIGHTSAll rights are reserved by the ISACA Sydney Chapter. No part of this publication may be copied,

reproduced, modified, distributed, displayed, stored in a retrieval system, photocopied, without

the prior approval from the ISACA Sydney Chapter. Reproduction and use of all or portions of this

publication are permitted solely for academic, internal and non-commercial use, and must include

full attribution of the material’s source.

All trademarks, service marks, registered trademarks, and registered service marks, mentioned in

this publication are the property of their respective owners.

© ISACA Sydney Chapter 2014.

ISBN# 978-0-9925497-2-5

During his term as President of ISACA Sydney Chapter, David Roche ran a project researching strategic planning practices. With the support of itSMF Australia, he interviewed 44 Australian board and management team members on their experiences in strategic planning and reports his findings in 2 insightful books. The first is an ISACA Sydney Chapter book on enterprise strategic planning and the second, with co-author Eric Kordt, is this ISACA/ itSMF Australia e-book on IT strategic planning.

Based on these interviews and validated by expert reviewers, this e-book on IT strategic planning highlights:

• 80 industry insights on IT strategic planning;

• Guidance from board members and C-level executives;

• Guidance from corporate strategy leads on integrating IT in enterprise strategic planning; and

• Comprehensive diagrams on enterprise and IT strategic planning.

Highly recommended if you are looking to validate your organisation’s approach to IT strategic planning against the experiences of 44 board and management team members.

ISACA SYDNEY CHAPTER AND itSMF AUSTRALIA THANK

ALL 44 PARTICIPANTS AND OUR EXPERT REVIEWERS

FOR CONTRIBUTING TO THE PROFESSION

Cover design by Katherina Bilko sydneyphotographyanddesign.com

ISBN# 978-0-9925497-2-5© ISACA Sydney Chapter 2014

http://www.sydneyphotographyanddesign.com

Documents

BOOK REVIEWS - Information Assurance | ISACA · BOOK REVIEWS “The best strategy is one you can implement. ... David Roche and Eric Kordt | 10 Section I Setting the scene Examines