1. Someone acquires IT assets, complying with standards and adapting to current and future use. | Management |
2. Someone aligns governance criteria for organization shaping the use of IT, regarding business strategy and reliance on IT, risk, compliance and decision-making model. | Governance |
3. Someone allocates responsibility, delegation of authority and accountability for IT-related decisions including principles, architecture, infrastructure and sourcing, solutions and investments. | Governance |
4. Someone analyzes satisfaction of stakeholders with IT projects and IT services. | Management |
5. Someone analyzes the satisfaction of stakeholders in relation to IT-based services in operations. | Management |
6. Someone analyzes to what extent IT contributes to the strategic goals of business units. | Governance |
7. Someone approves the organization’s business strategy for IT. | Governance |
8. Someone asks for a Business Continuity Plan (BCP). | Governance |
9. Someone asks for a contingency plan for recovery IT services in the shortest time possible after a serious incident. | Governance |
10. Someone asks for a report of performance of IT regularly. | Governance |
11. Someone asks for an external audit of IT services. | Governance |
12. Someone asks for an internal audit of IT services. | Governance |
13. Someone asks for infrastructure and architecture plans to prevent IT obsolescence. | Governance |
14. Someone asks for IT acquisition planning. | Governance |
15. Someone asks for reporting about risks and security problems that may affect the continuity of services, so that they can decide on risk awareness and risk appetite for the organization. | Governance |
16. Someone asks for reporting of key performance indicators related to IT assets and strategy. | Governance |
17. Someone assigns responsibility for understanding the IT-related standards. | Governance |
18. Someone assigns the responsibility of being aware of IT-related legislation, norms and standards. | Governance |
19. Someone assigns the responsibility of directing and controlling IT assets to the CIO structure/office. | Governance |
20. Someone builds an IT governance framework considering IT and business market performance directions. | Governance |
21. Someone builds an IT governance framework considering stakeholders’ interests. | Governance |
22. Someone builds an updated reference catalogue that contains the IT-related standards applicable or already applied in the organization. | Management |
23. Someone checks the emerging IT in the technological and business markets. | Management |
24. Someone checks IT plans and policies to align with the organization’s objectives in required timeframes and using allocated resources. | Management |
25. Someone checks the level of IT skills of stakeholders. | Management |
26. Someone checks business work practices to ensure consistency with the use of IT. | Management |
27. Someone creates the architecture committee. | Governance |
28. Someone creates the IT audit committee. | Governance |
29. Someone creates outsourcing, out provisioning, etc., and other externalization policies committees. | Governance |
30. Someone creates the risk policy committee. | Governance |
31. Someone creates the structure (committee) for developing IT strategy and IT policy. | Governance |
32. Someone defines how to continuously improve value of IT assets via new ideas and technologies. | Management |
33. Someone defines and controls service and infrastructure components, maintains histories, plans and present statuses of service and infrastructure, keeps integrity and stability of IT assets. | Management |
34. Someone defines and publishes a catalogue with all kinds of IT-related policies to guide the organization about IT implementation. | Governance |
35. Someone delegates decisions about IT in a transparent and effective manner. | Governance |
36. Someone designs a long-term program for implementing IT development. | Management |
37. Someone designs a performance policy for business based on IT. | Governance |
38. Someone designs a policy for IT projects and IT services benchmarking. | Management |
39. Someone designs a professional career structure reflecting promotions based on the acquisition of IT skills and on successes obtained during change processes. | Management |
40. Someone designs a set of IT policies aligned with the business strategy. | Governance |
41. Someone designs a supplier relationship guide. | Management |
42. Someone designs an acquisition policy. | Governance |
43. Someone designs an IT governance framework considering laws and regulations. | Governance |
44. Someone designs and disseminates a policy that promotes the general use of IT-related professional standards and best practices within the organization. | Management |
45. Someone designs IT innovation policy. | Governance |
46. Someone determines if there is a need to review and when appropriate, revise the strategy for IT and associate policies. | Governance |
47. Someone determines what information must be received to take decisions about IT performance. | Governance |
48. Someone directs IT change organizational programs considering resources and skills, stakeholder involvement and responsibilities, budget and schedule, dependencies with business and prioritization of initiatives. | Governance |
49. Someone directs plans to be carried out according to the assigned IT responsibilities. | Governance |
50. Someone directs the design and publication of a set of internal procedures and regulations that implement the previously defined IT policies. | Governance |
51. Someone ensures accumulation and inheritance of IT assets during the period of service lifecycle via creation, sharing and application of knowledge. | Management |
52. Someone ensures enough resources to maintain quality and performance of IT services. | Management |
53. Someone ensures its appraisal of external factors that may drive business opportunities and risk thereby mandating IT-related business change responses. | Governance |
54. Someone ensures reasonable developments of IT assets by analyzing related parties’ requirements making strategies that conform to the goals of IT resources, implementing and evaluating strategies as well as improving strategic capability of IT. | Management |
55. Someone ensures that the availability of IT services meets demands of business operations and continues to optimize. | Management |
56. Someone ensures that documents are in the condition of effective management by normalizing every activity during life cycle. | Management |
57. Someone ensures that IT activities are consistent with identified Human Behaviors. | Management |
58. Someone ensures that IT infrastructures and IT services can be restored within specific time after a disaster to support the overall business continuity requirements. | Management |
59. Someone ensures that policies are developed to guide organizational behavior. | Governance |
60. Someone ensures that service level agreements have been set up with all IT service users. | Management |
61. Someone ensures that the organization has the IT-related capabilities required to support and sustain business operations. | Governance |
62. Someone ensures that the organization’s external and internal environments are regularly monitored and analyzed. | Governance |
63. Someone ensures that the outputs of every level of organizations and IT staff are in accordance with the targets of IT assets, driving realization of strategy targets via improving work performance of organizations and IT staff. | Management |
64. Someone ensures that there are mechanisms to clarify and interpret objectives, strategies and policies as emergent issues arise. | Governance |
65. Someone ensures that there is a commitment and capability within the organization to undertake required changes. | Governance |
66. Someone ensures the effective implementation of each IT staff function and realization of management targets via set of organizational structure and job responsibility. | Governance |
67. Someone ensures well-organized duty works as well as safe and stable operations of IT via standardizing responsibilities, working discipline and behaviors of duty work. | Management |
68. Someone establishes a framework model for IT-related decisions, responsibilities and provision of information related to IT governance. | Governance |
69. Someone establishes an IT governance framework considering board expectations. | Governance |
70. Someone establishes an IT project, program and portfolio methodology for planning acquisitions. | Management |
71. Someone establishes responsibilities for information structure and the intelligent analysis thereof from a strategic standpoint. | Governance |
72. Someone evaluates appropriate costs for IT strategy. | Governance |
73. Someone evaluates business satisfaction in relation to the use of IT. | Governance |
74. Someone evaluates business strategy, business portfolios, risk awareness and business performance related to IT. | Governance |
75. Someone evaluates gaps that require changes to achieve desired outcomes for the organization based on assessment criteria to evidence success/failure. | Governance |
76. Someone evaluates integrity of information and protection of IT intellectual property. | Management |
77. Someone evaluates IT capabilities and capacity management. | Management |
78. Someone evaluates IT projects, programs and portfolios methodology. | Management |
79. Someone evaluates IT services to realize approved proposals, balancing risks, and value for money of proposed investments. | Governance |
80. Someone evaluates IT systems to ensure long-term business strategy. | Governance |
81. Someone evaluates key aspects of organization related to IT assessments and decisions regarding business goals and strategy, risk appetite, performance, IT culture, IT maturity, training and competence, innovative use of IT, assurance reporting, key business processes IT supported and partner engagement. | Governance |
82. Someone evaluates the options for providing IT. | Governance |
83. Someone evaluates reports with the results of the internal and external audits, which clearly express the level of the organization’s level of compliance with regulations and the risks that these entail. | Governance |
84. Someone evaluates security reports and remediation of not conformance with regulations. | Governance |
85. Someone evaluates security reports and remediation of possible information leakage. | Governance |
86. Someone evaluates that IT supports achieving business objectives and risk appetite. | Governance |
87. Someone evaluates that organizational use of IT complies with relevant laws, regulations. | Governance |
88. Someone evaluates that the business strategy makes the most effective use of IT to achieve business objectives. | Governance |
89. Someone evaluates value core of IT assets, create excellent cultural environments for sound developments, and provide powerful ideological and behavior guarantee by combing, implanting and continuously constructing organizational culture. | Governance |
90. Someone evaluates the consistency of Human Behavior in relation to IT activities. | Governance |
91. Someone evaluates the effectiveness of the IT Strategy in support of the Business Strategy. | Governance |
92. Someone evaluates the information that they need to meet their responsibilities and accountability. | Governance |
93. Someone evaluates the residual risk level within risk appetite of the organization. | Governance |
94. Someone evaluates the satisfaction of stakeholders with IT policies and strategy. | Governance |
95. Someone evaluates the segmentation of stakeholders for IT change processes. | Governance |
96. Someone evaluates whether enough human resources are available to undertake new IT initiatives, avoiding overloads. | Governance |
97. Someone evaluates whether IT governance processes are properly carried out in the organization. | Governance |
98. Someone evaluates whether IT projects and IT services take into account IT-related external regulations and laws and policies and internal procedures. | Governance |
99. Someone evaluates whether the organization conforms to its system (organizational policies and guidelines) for the Governance of IT. | Governance |
100. Someone formulates Human Behavior Policy and Plan. | Management |
101. Someone formulates the capacity planning strategy for IT assets. | Management |
102. Someone gathers business requirements and decides IT service level. | Management |
103. Someone implements a process for alignment between IT assets and IT capabilities. | Management |
104. Someone implements a process for assessing and evaluating risks of the current IT strategy. | Management |
105. Someone implements a process for assessing the risks associated with the use of IT during disaster recovery to address the continuing normal operations of business. | Management |
106. Someone implements a process for assigning accountability and delegation of competencies related to establishing the organization’s performance indicators. | Management |
107. Someone implements a process for becoming aware of the IT-related needs and concerns of stakeholders. | Management |
108. Someone implements a process for building a Balanced Score Card for IT assets. | Management |
109. Someone implements a process for building a catalogue of indicators to act on IT assets. | Management |
110. Someone implements a process for carrying out project control in terms of scope, schedule, quality and cost based on the strategic targets of IT to ensure effective implementation of project and execution of strategic targets. | Management |
111. Someone implements a process for checking competency of the assigned responsibility. | Management |
112. Someone implements a process for checking effectiveness, efficiency, and acceptable use and delivery of IT in support of current and future business objectives. | Management |
113. Someone implements a process for checking IT assets life cycle policies and processes. | Management |
114. Someone implements a process for communicating IT-related internal policies and regulations to facilitate their dissemination in the organization. | Management |
115. Someone implements a process for delegating decisions ensuring that the governance body is able to take final accountability. | Management |
116. Someone implements a process for determining service catalogue and the agreed service level agreements with related parties, ensuring service capabilities meet requirements of related parties and are measurable. | Management |
117. Someone implements a process for directing and communicating the need to meet the responsibilities and accountabilities. | Management |
118. Someone implements a process for encouraging submission of proposals for innovative uses of IT. | Management |
119. Someone implements a process for environmental reviews for preparing strategic plans for approval by the governance body including regulatory environment, technological advances, generational trends, skills availability, competitive forces, market development, stakeholder requirements and external threats. | Management |
120. Someone implements a process for establishing review mechanism for significant incidents, controlling risks in advance, reducing operation risks of IT assets. | Management |
121. Someone implements a process for evaluating, selecting and prioritizing IT projects. | Management |
122. Someone implements a process for external audits to check whether IT projects and IT services comply with IT-related external laws and regulations and internal policies and procedures. | Management |
123. Someone implements a process for formulating current and future business objectives related to use of IT (including IT infrastructure, IT services and IT delivery). | Management |
124. Someone implements a process for identifying necessity of external laws and regulations as well as monitoring requirements for IT assets management, reasonably plan and implement to control potential risks. | Management |
125. Someone implements a process for identifying and analyzing risk factors arising from resistance to change or lack of commitment of stakeholders. | Management |
126. Someone implements a process for implementing lifecycle management for architecture and technology, such as data, applications, and infrastructure, achieving balance between income and the risk introduced by the architecture and technology. | Management |
127. Someone implements a process for improving fund application benefit and ROI (return on investment) via the management of budget and business accounting of IT assets in the case of financial compliance. | Management |
128. Someone implements a process for including activities to mitigate risk related to a lack of commitment in IT projects. | Management |
129. Someone implements a process for internal audits to check whether IT projects and IT services comply with IT-related external laws and regulations and internal policies and procedures. | Management |
130. Someone implements a process for making Health, Safety and Environmental (HSE) management strategies for physical environments, implement treatment measures, realize guarantee in terms of personnel, environments and etc., and avoid significant injury accidents of environments or personnel. | Management |
131. Someone implements a process for managing all kinds of change activities, controlling change risks, reducing impact of changes on production operation, and ensuring safety and stable operation of IT assets. | Management |
132. Someone implements a process for managing risks in accordance with policies and procedures, escalated to relevant decision makers. | Management |
133. Someone implements a process for measuring acknowledgement and understanding of IT policies. | Management |
134. Someone implements a process for monitoring continuously IT projects and IT services in operation for cost control and financial performance. | Management |
135. Someone implements a process for monitoring of disposal of assets and data. | Management |
136. Someone implements a process for monitoring of IT budget and resource prioritization. | Management |
137. Someone implements a process for normalizing IT human resource management of recruitment, training, appointment and retaining, ensuring staff meet the requirements of IT assets before, during and after appointment. | Management |
138. Someone implements a process for normalizing supplier management, ensuring suppliers provide superior external technology resources and supports for IT assets. | Management |
139. Someone implements a process for obtaining relevant information, properly sourced, collected, and analyzed to be presented to the governance body. | Management |
140. Someone implements a process for realizing continuous improvement and promotion of service capability through the IT service identification of support business process and implementation of improvement. | Management |
141. Someone implements a process for reducing stakeholders’ resistance to an IT-based change process. | Management |
142. Someone implements a process for regular compliance assessment of IT use with relevant obligations, standards, and guidelines. | Management |
143. Someone implements a process for restoring normal service operation within the shortest time, minimizing the negative impact of business operations, and ensure to keep service quality and availability level. | Management |
144. Someone implements a process for selecting, evaluating and monitoring the IT acquisitions organization and suppliers. | Management |
145. Someone implements a process for SLA establishment for suppliers and third parties. | Management |
146. Someone implements a process for strategic alignment with governance body directions. | Management |
147. Someone implements a process for synchronizing business strategy and risk awareness of organization. | Management |
148. Someone implements a process for taking corresponding actions to improve effects of risk responses through measuring uncertainty and the influence on the targets. | Management |
149. Someone implements a process for taking actions to eliminate deep causes to prevent recurrence of incidents or problems, reduce the impacts of repeatable incidents, and improve service quality and stability of IT assets. | Management |
150. Someone implements a process for the delegation of authority from governance body to management. | Management |
151. Someone implements a process for training related to the compliance of internal procedures with external laws and policies. | Management |
152. Someone implements a process for training stakeholders in IT projects and services. | Management |
153. Someone implements a process for updating IT governance information based on standards. | Management |
154. Someone implements a process for updating IT management information based on standards. | Management |
155. Someone implements a process of formulating the capacity planning strategy for IT assets. | Management |
156. Someone implements a process to achieve real-time control of operation situation, and detect and solve abnormal operations via collection, classification and solving of application and operating information of IT infrastructures. | Management |
157. Someone implements a process to create new value by use of IT aligning the organizational strategy. | Management |
158. Someone identifies the roles and responsibilities related to IT governance and strategy. | Governance |
159. Someone keeps track of change management of strategic IT innovation. | Management |
160. Someone measures accurately IT spending. | Management |
161. Someone measures IT projects and IT services results. | Management |
162. Someone measures workload in IT projects and evaluates if appropriate. | Management |
163. Someone monitors alliances and collaborations with other organizations for data governance. | Governance |
164. Someone monitors appropriate and timely reporting on the evidence of success and change management. | Governance |
165. Someone monitors conformance reporting. | Governance |
166. Someone monitors for obtaining value from the use of IT. | Governance |
167. Someone monitors if there are deviations in service level agreements and corrective measures adopted. | Governance |
168. Someone monitors infrastructure and architecture obsolescence. | Governance |
169. Someone monitors IT investments plan and acquisition. | Governance |
170. Someone monitors IT projects current development and major drawbacks. | Governance |
171. Someone monitors level of uptake of IT management and IT governance standards. | Governance |
172. Someone monitors risk IT management reporting. | Governance |
173. Someone monitors that appropriate IT mechanisms for governance of IT are established. | Governance |
174. Someone monitors that IT risks identified related to Human Behavior are managed. | Governance |
175. Someone monitors that those given responsibility acknowledge and understand their responsibilities. | Governance |
176. Someone monitors the achievement of beneficial outcomes related to key aspects of IT deployment and use including business engagement, strategic alignment, business case realization, IT service delivery, service level and support, information security, risk, education and training. | Governance |
177. Someone monitors the level of knowledge concerning IT policies and laws in the organization. | Governance |
178. Someone monitors the performance of those given responsibility in the governance of IT. | Governance |
179. Someone monitors whether the inefficient use of IT affects its performance and communicates to stakeholders about how to correct it. | Governance |
180. Someone appoints special governance structures including Governance Steering Group, Risk Committee and Audit Committee. | Governance |
181. Someone plans acquisitions following directions from governance body. | Management |
182. Someone plans audit of IT assets to control potential risks of operation management. | Management |
183. Someone plans information security strategies and measures to reduce risk information assets face in the operation environments to acceptable level, so as to ensure availability, confidentiality and integrity of information. | Management |
184. Someone promotes communication to disseminate the importance of IT governance. | Governance |
185. Someone promotes proper communication of IT policies. | Governance |
186. Someone promotes training plan for IT usage. | Governance |
187. Someone provides channels to receive user requests and standard services, provides users and customers with information and handling matters. | Management |
188. Someone provides leadership in developing strategies. | Governance |
189. Someone publishes a set of criteria for evaluating, selecting and prioritizing IT projects. | Governance |
190. Someone publishes an IT acquisition protocol including responsibilities for supplying information and decision-making. | Governance |
191. Someone publishes the benefits of IT projects and IT services. | Management |
192. Someone reduces or avoids deployment risks, decreases the number of incidents caused by the improper deploy of IT services. | Management |
193. Someone regularly analyzes the requirements of stakeholders. | Governance |
194. Someone regularly reviews which IT assets should be monitored by the board or should be delegated. | Governance |
195. Someone reinforces communication and relationship maintenance between IT staff and the related parties, such as customers, regulators or parent bodies, partners, suppliers, governments, etc., so as to realize mutual benefits. | Management |
196. Someone reports on IT Service Someone, Project Someone, Quality Someone, Resource management, supplier management process, IT Change Someone, IT Incident Someone and IT Cost Someone. | Management |
197. Someone reviews benefits and risks of externalization of services. | Governance |
198. Someone reviews security measures in place to maintain the integrity and quality of information. | Management |
199. Someone reviews stakeholders’ participation in IT innovation. | Governance |
200. Someone reviews the acquisition policy, plans and relationships with suppliers and third parties. | Governance |
201. Someone reviews the financial resources to ensure IT innovation. | Governance |
202. Someone reviews the IT decisions, responsibilities and provision of information related to IT governance. | Governance |
203. Someone reviews the IT strategy plan. | Governance |
204. Someone reviews the long-term program of IT development. | Governance |
205. Someone reviews updated reference catalogue as compilation of IT-related regulations and laws that affect the organization. | Governance |
206. Someone runs the capacity planning strategy for IT assets. | Management |
207. Someone selects and prioritizes IT projects, programs and portfolios. | Governance |
208. Someone sets the responsibilities for evaluating emerging IT. | Governance |
209. Someone sets up a strategy structures (committees) to design the IT governance and strategy. | Governance |
210. Someone takes into account any associated risk that might arise from strategy. | Governance |
211. Someone takes into account the implications of the strategy for achieving business objectives. | Governance |
212. Someone understands the business readiness for any major changes proposed as part of the business strategy. | Governance |