B.2. Example system portfolio review report
This is an example system governance portfolio review report for the Bristol and Bath Bank (BBB), a fictitious financial services company. System governance has been adopted by Central Management Services (CMS), BBB's in-house IT department.
The report is entirely fictitious; any resemblance to a real organisation is unintentional.
For brevity, the fictitious organisation is shown as only having a small number of systems. Most organisations would have many more systems than this example, and notional values would be much higher than shown in this report.
See Section A.2, System portfolio review report for more details.
System Portfolio Report
BBB has made strong progress in meeting its IT objectives, against a backdrop of a significantly expanding system portfolio. About 40% of BBB's IT systems are now classed as excellent; last year none were.
Further improvements with a notional value of £714,000 have been identified. The most significant recommendation is to consider the renovation of the Mortgage system.
Fit to objectives up 7.1 percentage points to 80.4%.
Like-for-like fit to objectives up 4.3 percentage points.
System portfolio size up 32.9%.
Systems with an excellent fit to objectives:
| BACS Gateway |
| Cash ISA |
| Customer Database |
| IR Gateway |
| Profitability MIS |
Systems with excellent improvement:
| Cash Management |
| Cheque Vouching |
| Customer Database |
The figures after the recommendations are the notional value of meeting the recommendation. The *'s represent a relative scale of risk, where * = significant risk, ** = more significant risk, and so on.
- Cash Management: upgrade server (£5,000,*).
- Corporate Email: improve recovery plans (£27,000,**).
- eSavings: improve support for money laundering regulations (£23,000,*).
- Mortgage: clarify potential to support group services, and then either undertake significant renovation work, or improve capacity of current system (£276,000,***).
- Travel Money: include additional points in post implementation review (£111,000,~).
- Unsecured Loans: improve application integration, especially data extracts to support regulatory requirements (£160,000,**).
- Review technology policy to ensure systems continue to run on viable technology (£126,000).
- Review policy on standardisation of interfaces to support group-level service consolidation (£138,000).
When calculating the total value of improvements, the value of the two policy improvements has been halved to avoid double counting with system improvements.
This system portfolio review report summarises the results of the system governance annual review. It provides summary measures which show how well BBB's IT systems meet objectives. It recommends system and policy improvements to better meet objectives, and estimates a notional value to the improvements.
The report is a summary of a detailed analysis. The detailed analysis includes an assessment of every system against every objective, which has been verified for accuracy and validated to confirm that it measures the objectives consistently. Further detail is available on any aspect of the analysis or supporting information.
The report only identifies the main recommendations that warrant specific senior management attention. During the course of the year, the ongoing assessment process has fed back numerous recommendations to CMS, many of which have been acted on or which are part of other proposals.
The notional values are based on an aggressive payback period of 2.5 years, and a margin for inaccuracies in assessment and weighting.
Recommendations with a relatively low value are still important; they typically represent significant risk areas, rather than areas with a direct financial payback.
The notional value chiefly estimates cost reduction within CMS, not value across the broader business. When considering the business case for the recommendations, also consider broader business value and cost.
The analysis does not attempt to estimate the cost of making the recommendations, but limits itself to estimating the value.
The objectives of system governance and the parameters used for analysis are set out in the System governance terms of reference version 2.2 dated November 2006.
The objectives to which system governance contributes are:
- Reduce long-term cost and risk by applying industry best-practice.
  This objective is represented by selecting from industry standard criteria those that have the greatest impact on cost and risk. These criteria have been given a total weighting of 50%.
- Achieve AFSG's requirements to consolidate services across group companies.
  This objective is represented by three criteria against which systems can be measured.
  - The ability to represent multiple brands within the system.
  - The ability to interface in a standard way with systems across the group (avoiding “stovepipe” integration).
  - Being assessed for group-level potential.

  These criteria have been given a total weighting of 25%.
- Meet all legal and regulatory obligations efficiently and transparently.
  This objective is represented by the following criteria, which represent the areas of regulation that represent the most work to BBB:
  - Money laundering regulations.
  - Data protection act.
  - Cancellation rights.
  - Other regulation.
- Monitor outsourced systems, and work collaboratively with the service provider to increase the quality and stability of these systems. This does not require new criteria, but requires that the systems outsourced to Isisco are included within the scope of system governance.
The objectives are reflected in a set of criteria against which systems are measured. The measurements form the basis of this review.
System governance calculates “improvement points”, which is a relative measure of the importance of different improvements. The improvement points can be translated to a notional value so that they can be compared with other business investments.
Notional values are based on a value of £520 per improvement point. This means that every 1% improvement in a system of relative size 1 is valued at £520.
(The improvement point value was agreed last year. The total potential improvement was valued at £570,000 per year. Given a payback period of 2.5 years, the investment that would break even on this improvement is £1.425m. This was divided by the total improvement points for last year (2050 points) to give an improvement value of £695. This was reduced by a safety margin of 25% to give an improvement point value of £520. The same figure has been retained for this year.)
Analysis should provide:
- Overall score and improvement.
- Like-for-like score and improvement, which excludes decommissioned and new systems.
- Scores and value of improvement by system and by criterion.
- A comparison of outsourced and in-house maintained systems.
- A comparison of new and existing systems.
The terms of reference sets out the conditions under which system governance should identify special cases.
A system is considered excellent if either its score is 90% or higher, or its improvement in score is 5% or higher.
A system is considered a candidate for improvement if any of the following conditions apply:
- Score below 70%.
- Score has reduced by more than 5%.
- Notional value of improvements £100,000 or higher.
- Any priority 1 or 2 issues outstanding.
- Three or more priority 3 issues outstanding.
Issues have been converted to “risk stars” by awarding 9 points for a priority 1 issue, 3 points for a priority 2 issue, and 1 point for a priority 3 issue, and then awarding a * for each 3 points.
A criterion is considered a candidate for improvement if the value of improvements across all systems for that criterion is £1,000 or higher per total of system size. (This indicates areas where there may be a value in changing policy.) Because of the relatively small number of systems within BBB, criteria are not analysed further.
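The special-case rules above (excellence, candidates for improvement, risk stars) can be applied mechanically to the per-system results. The Python sketch below is an added example, not part of the handbook or of Metrici Advisor; the rows are transcribed from the results-by-system table in this report, and the names `SystemResult`, `risk_stars`, `is_excellent` and `improvement_reasons` are hypothetical. It assumes a star is awarded only for each complete 3 points.

```python
from typing import Dict, List, NamedTuple, Optional


class SystemResult(NamedTuple):
    name: str
    size: int
    score: float             # fit to objectives, %
    change: Optional[float]  # percentage points vs last year; None = new system
    value: int               # notional value of improvements, GBP
    pri2: int
    pri3: int
    pri1: int = 0            # the report states no system has a priority 1 issue


# Rows transcribed from the results-by-system table in this report.
PORTFOLIO = [
    SystemResult("BACS Gateway", 3, 90.6, 2.5, 14609, 0, 1),
    SystemResult("Cash ISA", 7, 92.5, None, 27209, 0, 0),
    SystemResult("Cash Management", 5, 79.1, 5.0, 54340, 1, 1),
    SystemResult("Cheque Vouching", 2, 79.1, 5.0, 21710, 0, 2),
    SystemResult("Corporate email", 3, 82.5, 0.0, 27253, 1, 3),
    SystemResult("Currency Trading", 4, 84.2, None, 32864, 0, 2),
    SystemResult("Customer Database", 8, 90.8, 34.6, 38251, 0, 0),
    SystemResult("eSaving", 10, 82.3, -2.0, 92300, 1, 1),
    SystemResult("General Ledger", 5, 80.3, 3.0, 51220, 0, 2),
    SystemResult("HR", 1, 70.0, 3.0, 15590, 2, 0),
    SystemResult("IR Gateway", 2, 93.6, None, 6630, 0, 0),
    SystemResult("Mortgage", 15, 64.6, -4.4, 276315, 2, 5),
    SystemResult("Profitability MIS", 2, 96.0, None, 4118, 0, 0),
    SystemResult("Tessa", 4, 66.0, 3.0, 70730, 0, 4),
    SystemResult("Travel Money", 12, 82.1, None, 111852, 0, 2),
    SystemResult("Unsecured Loans", 15, 79.5, 2.5, 159705, 1, 3),
    SystemResult("User desktop", 3, 83.9, 4.8, 25186, 0, 2),
]


def risk_stars(s: SystemResult) -> str:
    """9/3/1 points per priority 1/2/3 issue, one star per 3 points."""
    points = 9 * s.pri1 + 3 * s.pri2 + s.pri3
    return "*" * (points // 3)  # assumption: leftover points earn no star


def is_excellent(s: SystemResult) -> bool:
    # Score of 90% or higher, or an improvement of 5 points or higher.
    return s.score >= 90.0 or (s.change is not None and s.change >= 5.0)


def improvement_reasons(s: SystemResult) -> List[str]:
    """Return every candidate-for-improvement condition the system meets."""
    reasons = []
    if s.score < 70.0:
        reasons.append("score below 70%")
    if s.change is not None and s.change < -5.0:
        reasons.append("score reduced by more than 5%")
    if s.value >= 100_000:
        reasons.append("notional value of improvements 100,000 or higher")
    if s.pri1 or s.pri2:
        reasons.append("priority 1 or 2 issue outstanding")
    if s.pri3 >= 3:
        reasons.append("three or more priority 3 issues outstanding")
    return reasons


def excellent_systems(portfolio=PORTFOLIO) -> List[str]:
    return [s.name for s in portfolio if is_excellent(s)]


def improvement_candidates(portfolio=PORTFOLIO) -> Dict[str, List[str]]:
    found = {s.name: improvement_reasons(s) for s in portfolio}
    return {name: why for name, why in found.items() if why}


if __name__ == "__main__":
    for s in PORTFOLIO:
        print(f"{s.name:18} {risk_stars(s):4} {improvement_reasons(s)}")
```

Run against these rows, the rules select the same seven excellent systems and eight candidates for improvement that the report goes on to discuss.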
| Systems at previous annual review | 14 |
| Systems added | 5 |
| Systems removed | 2 |
| Current system count | 17 |
| Total size of systems at previous review | 76 |
| Size of new systems | 27 |
| Size of removed systems | 2 |
| Current system size | 101 |
Increase in total size = (101 - 76) / 76 = 32.9%.
The systems removed were:
| Income Reporting (replaced by Profitability MIS) |
| Payroll (now run as part of group payroll) |
The systems added were:
| Cash ISA |
| Currency Trading |
| IR Gateway |
| Profitability MIS |
| Travel Money |
| Overall score | 80.4% | +7.1% |
| Like-for-like | 78.0% | +4.3% |
| New systems | 87.0% | n/a |
| In-house maintained | 82.0% | +1.1% |
| Outsourced | 75.8% | +3.8% |
The increases are percentage points increase (this year's score minus last), not percentage increase.
Like-for-like shows the score excluding from last year the systems that have been decommissioned, and excluding new systems from this year.
In-house maintained excludes new systems and systems that have undergone major redevelopment, to provide an equitable base for comparison with outsourced systems.
These summary scores all show good improvement. This is especially noteworthy given the increase of almost one-third in the total size of the system portfolio.
The new system score is higher than the other scores. This shows that CMS is successful in replacing old systems with better new systems.
The table below summarises the results by system. It shows the relative size of the system, score, percentage points change from last year, an estimate of the notional value of making further improvements to the system, the number of outstanding priority 2 and 3 issues, and a risk rating. (No system has any outstanding priority 1 issues.)
| System | Size | Score | Change | Value | Pri. 2 | Pri. 3 | Risk |
|---|---|---|---|---|---|---|---|
| BACS Gateway | 3 | 90.6 | +2.5 | 14,609 | 0 | 1 | |
| Cash ISA | 7 | 92.5 | n/a | 27,209 | 0 | 0 | |
| Cash Management | 5 | 79.1 | +5.0 | 54,340 | 1 | 1 | * |
| Cheque Vouching | 2 | 79.1 | +5.0 | 21,710 | 0 | 2 | |
| Corporate email | 3 | 82.5 | 0.0 | 27,253 | 1 | 3 | ** |
| Currency Trading | 4 | 84.2 | n/a | 32,864 | 0 | 2 | |
| Customer Database | 8 | 90.8 | +34.6 | 38,251 | 0 | 0 | |
| eSaving | 10 | 82.3 | -2.0 | 92,300 | 1 | 1 | * |
| General Ledger | 5 | 80.3 | +3.0 | 51,220 | 0 | 2 | |
| HR | 1 | 70.0 | +3.0 | 15,590 | 2 | 0 | ** |
| IR Gateway | 2 | 93.6 | n/a | 6,630 | 0 | 0 | |
| Mortgage | 15 | 64.6 | -4.4 | 276,315 | 2 | 5 | *** |
| Profitability MIS | 2 | 96.0 | n/a | 4,118 | 0 | 0 | |
| Tessa | 4 | 66.0 | +3.0 | 70,730 | 0 | 4 | * |
| Travel Money | 12 | 82.1 | n/a | 111,852 | 0 | 2 | |
| Unsecured Loans | 15 | 79.5 | +2.5 | 159,705 | 1 | 3 | ** |
| User desktop | 3 | 83.9 | +4.8 | 25,186 | 0 | 2 | |
The table below summarises results by criterion (the results are the average score for the criterion weighted by system size).
| Criterion | Weighting | Score | Change | Value |
|---|---|---|---|---|
| Automated interfaces | 6.50 | 90.9 | +7.4 | 31,096 |
| System performance | 3.00 | 81.0 | +8.2 | 29,952 |
| Service availability | 3.00 | 88.9 | +1.1 | 17,472 |
| Information accuracy | 3.00 | 94.5 | -1.2 | 8,658 |
| Service level agreement | 6.10 | 83.9 | -3.0 | 51,545 |
| System security | 5.70 | 91.7 | +2.1 | 24,749 |
| System recovery plans | 2.90 | 86.4 | +0.9 | 20,660 |
| Test quality | 1.30 | 69.7 | -2.8 | 20,686 |
| System autonomy | 5.10 | 70.9 | +1.5 | 77,969 |
| Ease of reporting | 2.50 | 80.4 | +2.2 | 25,675 |
| Technology viability | 8.20 | 70.8 | -5.9 | 125,788 |
| Capacity and scalability | 2.70 | 81.7 | +7.3 | 25,974 |
| Multi-brand capability | 10.00 | 76.0 | +14.5 | 126,100 |
| Standardised interfaces | 10.00 | 73.7 | +14.0 | 138,060 |
| Group-level potential assessed | 5.00 | 92.6 | +44.5 | 19,500 |
| Money laundering regulations | 6.00 | 74.5 | +4.4 | 80,340 |
| Data protection act | 8.00 | 88.9 | +8.9 | 46,800 |
| Cancellation rights | 6.00 | 76.0 | +5.6 | 75,660 |
| Other regulation | 5.00 | 68.3 | +9.1 | 83,200 |
The criteria for service consolidation (multi-brand capability, standardised interfaces and group-level potential assessed) all show very good improvements. The same is true for the criteria for legal and regulatory compliance (money laundering, data protection, cancellation rights and other regulation). This shows BBB's success in improving in these priority areas.
The following systems have met the conditions for excellence:
- BACS Gateway
  Score of 90.6%, up 2.5% from last year.
- Cash ISA
  This new system has a score of 92.5%.
- Cash Management
  Improvement of 5.0% from last year, now at 79.1%.
- Cheque Vouching
  Improvement of 5.0% from last year, now at 79.1%.
- Customer Database
  The rewrite of the customer database has been a major success. The customer database now scores 90.8%, up 34.6% from last year.
- IR Gateway
  This new system has a score of 93.6%.
- Profitability MIS
  This new system has a score of 96.0%, the highest score of any system at BBB.
Cash Management has one priority 2 issue: it is running out of processor and memory capacity.
Recommendation: Upgrade processors and memory capacity on cash management server.
The notional value of improvement is only £5,265, but the improvement in capacity is required to remove the significant risk of disruption to service.
Corporate Email has 1 priority 2 issue and 3 priority 3 issues.
The priority 2 issue is that the recovery plans for email are insufficient. In the case of a disaster, email service and historic emails may be lost.
Priority 3 issues include performance, security and meeting the requirements of the data protection act. (It is not clear whether personal information stored within the email systems falls within the scope of the act.)
Recommendation: Review Corporate Email in line with the recent analysis of the service, and investigate further the case for changes. In particular, ensure that recovery plans for the email service and for historic email meet requirements.
The notional value of improvements to the email system is £27,253.
The eSaving system has one priority 2 issue: it is very inefficient at meeting money laundering regulations. It requires manual queries followed by copy+paste to inform authorities of transactions that fall within the money laundering regulations. Although this meets legal requirements, performing and then checking the queries is very time consuming.
The notional value of meeting this requirement fully is £23,400.
Recommendation: Investigate and implement a more efficient method for the eSaving system to meet money laundering reporting regulations.
The HR system has two priority 2 issues: it is not sufficiently secure, and it is uncertain whether it can be recovered after a disaster.
The HR system has recently been outsourced to Isisco, and they have improved the system over the past year. Their ongoing improvement plan includes improvements in security and inclusion of the HR system within the main system recovery plan.
The notional value of addressing these problems is £3,429.
Recommendation: No further action required, improvement is planned.
The mortgage system is considered a candidate for improvement for a number of reasons:
- It has a score of 64.6 (down 4.4% on last year), below the 70% threshold.
- The notional value of improvements is £276,000, above the £100,000 threshold.
- It has 2 priority 2 issues: it uses technology that is not considered viable, and it is running out of capacity.
- It has 5 priority 3 issues.

This is a very significant system for BBB. The system has undergone modification this year to meet urgent business requirements. These modifications have resulted in a decline in test quality and system autonomy. The underlying hardware has not been upgraded, which has resulted in lower scores for service availability and capacity. Because of the changes, the system has not been fully assessed for group level potential, but it cannot support multiple brands well and many of its interfaces are very “stovepipe” and could not readily support data flows to and from other group companies.
Fixing all these problems would be a significant undertaking for BBB. The success with the Customer Database shows that BBB has the capability for major renovation, and the notional value of fixing all the problems (£276,000) indicates that this could be worthwhile. However, the future of the system does depend on the group-level review of service consolidation. It would be prudent to clarify the system's future before embarking on a major renovation. This will to a large extent be achieved by completing the assessment of group level potential.
Recommendation: Complete the assessment of group level potential for the Mortgage system. If this shows that it is likely to be required within the new group services structure, review the Mortgage system in line with recent analysis, consider improvements in all areas identified by the analysis and refresh technology to ensure that viability and capacity issues are addressed. If the assessment shows that the Mortgage system is not likely to be required, form a tactical plan to ensure it has sufficient capacity for its remaining time.
The Tessa system has a score of 66.0%, below the 70% threshold. It has four priority 3 issues.
The low score, relatively high notional value for improvement (£70,000) and number of issues suggest that the Tessa system could be improved. However, there are a number of reasons why this is not likely to be worthwhile.
- The Tessa system is a legacy system, managing the Tessa product that is no longer available for new investments due to tax changes. It is a declining product, with no potential for future business.
- Some of the issues and notional value relate to its potential as a group service. However, the group is unlikely to consolidate Tessa services as they are a declining product.
- The system is outsourced to Isisco, and they have improved the score by a respectable 3.0%.
Recommendation: No further action required, Tessa system is being managed in line with its declining importance.
Travel Money is a candidate for improvement because the notional value of improvement (£111,000) exceeds the threshold of £100,000.
Travel money is a package system that has been installed during the past year.
Most of the potential for improvement reflects outstanding work on the project, which is in hand.
- Complete the service level agreement.
- Ensure the system recovery plans fully meet requirements.
- Upgrade the product to allow more viable technology to be used. (The latest version of the product was not considered sufficiently stable for the project, and so an earlier version running on Windows NT4 was implemented.)
Some of the potential for improvement reflects functionality which could be requested from the package vendor:
- Efficiency of handling the requirements of the money laundering regulations.
- Efficiency of handling the requirements of the data protection act.
- Efficiency of handling the requirements of other regulation.
Other potential areas for improvement include how the system has been integrated, and the completeness of the test packs.
A post implementation review of Travel Money is planned.
Recommendation: During the post implementation review of Travel Money, consider the improvements identified in the recent analysis, including whether to request better support for regulatory requirements from the package vendor.
Unsecured Loans is a candidate for improvement for three reasons:
- The notional value for improvements, £160,000, is greater than the £100,000 threshold.
- There is one outstanding priority 2 issue: it provides no specific support for cancellation rights regulations and requires significant manual workarounds.
- It has three outstanding priority 3 issues: system autonomy, money laundering and other regulations.

Other than this, Unsecured Loans is a good system, with a score of 79.5%.
Looking in more depth at these and the other areas, it is clear that the underlying weakness with Unsecured Loans is that it does not provide efficient facilities for interfacing. Providing it with more flexible interface capabilities would help it meet its regulatory requirements more efficiently, and address many of the other issues with the system.
Recommendation: Review the application integration approach used by Unsecured Loans, with a view to automating the extraction and use of data required to support regulatory requirements.
The technology viability criterion is a candidate for improvement because the notional value for improvement (£126,000) exceeds the £1,000 per unit size threshold.
Looking more closely, technology viability has declined 5.9% to 70.8% over the past year. The decline reflects the tendency for technology to get out of date, and suggests that there may be a value in tightening the policies to ensure systems remain on viable technology.
Recommendation: review the policies in place to ensure that viable technology is selected and that technology is upgraded to remain viable.
When considering the value of this recommendation, be aware that some of the value is also included in system recommendations. Avoid double counting.
The multi-brand capability criterion is a candidate for improvement because the potential value for improvement (£126,000) exceeds the £1,000 per unit size threshold.
Looking more closely, however:
- Multi-brand capability has increased by 14.5% to 76.0%. This shows that the policies to improve multi-brand capability are working.
- Nearly half of the potential for improvement is within the Mortgage system, which is a candidate for improvement for a number of reasons.
Recommendation: No further action required, existing policies in this area are sufficient.
The standardised interfaces criterion is a candidate for improvement because the potential value for improvement (£138,000) exceeds the £1,000 per unit size threshold.
Standard interfaces has increased by 14.0% to 73.7%. This shows that the policies to improve standard interfaces are working. However, unlike multi-brand capability, the potential for improvement is spread across many systems. Some further guidance or additional investment may help. Further investigation is required.
Recommendation: Review the policies on standardised interfaces (removal of stovepipe interfaces in anticipation of group-level services), to see if further guidance or greater funding would be worthwhile.
When considering the value of this recommendation, be aware that some of the value is also included in system recommendations. Avoid double counting.
