TechniClick - GWEA & EA Governance


Published in: Technology, Business

  1. GWEA Framework & EA Governance
     By Willie Needham (Chief Enterprise Architect, SITA)
     11 September 2009 (GITOC Techni-Click – Durban)
  2. Agenda
     • Introduction – “The Problem”
     • A Governance perspective
     • GWEA Perspective
     • Conclusion
  3. • Objective: Sell more Cola in Middle East
     • Challenge: Language
     • Solution: Use Pictures
     • Outcome: Drop in Cola $ales
     • Why: They read from RIGHT-TO-LEFT
     More than a technical challenge
  4. Introduction – The Problem
     “One's mind, once stretched by a new idea, never regains its original dimensions.” - Oliver Wendell Holmes
  5. The Interconnectedness of Government
     • Activities in Government do not occur in isolation
     • Government is large, complex and interconnected
     • Its systems are large, complex but disconnected
     The disconnected nature of systems within Government has a major impact on the lives of its Citizens and the quality and efficiency of the services
     Diagram labels: Local Provincial National Social Development Correctional Services DTI Labour SARS Agriculture Home Affairs Justice Secret Service Water Affairs & Forestry Transport Housing Education Public Works SAPS SASSA Health Safety & Security
  6. Information Sharing in Government Today
     • Limited ‘integration’ is based on exchange of flat-files established on an as-needed basis:
         - Requires time consuming negotiations with individual organisations
         - Entities not set-up for information sharing (no established infrastructure or dedicated and skilled resources)
         - Have to redefine mechanisms from scratch
             - No use of standards
             - No consistency across government
             - Based on ‘make-do’ infrastructure
             - No reusability
         - Tends to be batch based with long update cycles
  7. Disconnectedness - Social Cluster Example
     • Tackling poverty remains one of Government’s top moral and political imperatives yet getting help from Government remains difficult
     • Citizen has to ‘integrate’ Government by following arduous administrative processes
     • Gathering proof-of-eligibility alone can often take up to 24 months
     • Other impacts include:
         - Duplication of administrative processes
         - Fraud and double-dipping
     Diagram labels: Labour SARS Home Affairs UIF Housing Education Public Works SASSA Local Gov Land Affairs Gather proof of plight Prioritisation and access for public works programme Exemption from school fees Access to housing subsidy Diversion to economic activity and enrolment to training programme Access to Free Basic Services Access to Grant Accessing Social protection services
  8. Disconnectedness - Justice Cluster Example
     • The justice system is still plagued with inefficiencies
     • Crime reporting and response is a nightmare for citizens
     • Evidence gathering and collaboration for prosecution a challenge (missing dockets etc)
     • Prisoner Identity swapping
     • Children in conflict with the law imprisoned with hardened criminals
     • Cases involving child abuse not reported to social workers
     • Inadequate probation services
     Diagram labels: SAPS SARS Home Affairs Other Gather evidence and related info Probation Service Juvenile detention Child Protection Investigate Arrest NPA DoJ DCS DSD Prosecute Adjudicate Detention Person Exhibit ID Case
  9. Challenges
     • Diverse and Fragmented ICT Planning Frameworks and Processes.
     • Proprietary “extensions” to Open Standards.
     • Technical standards quagmire (balancing the right mix).
     • The priority of Performance over Conformance results in low levels of interoperability.
     • Regulation and Security complexities often default to isolation of systems.
     • Incomplete ICT System inventories in Government.
  10. So where are we?
  11. A Governance perspective
      “Sometimes when I consider what tremendous consequences come from little things… I am tempted to think there are no little things.” - Bruce Barton
  12. Talk to each other
      • “Government IT systems must talk to each other”…
      • Minister Public Service & Administration,
      • 7 October 2000
  13. Government ICT House of Values*
      * From e-Government Policy, SITA Regulations & SITA Act (amended)
      Diagram labels: Security Interoperability Reduced Duplication Economies of Scale Digital Inclusion Lower Cost Citizen Convenience Increased Productivity ICT Planning (GWEA) -> ICT Acquisition -> ICT Operations ICT Value Principles Means/Services
  14. Regulatory drivers*
      • Chap 1, Part III:B,C – Strategic Planning
          - Define Core Objectives
          - Describe Core and Support Activities
          - Specify the Functions & Structures
          - Specify the Main Services to customers
      • Chap 1, Part III.E – Information Planning
          - Establish an Information Plan
          - Establish an Information Infrastructure Plan; and
          - Establish an Operational Plan to implement the above
      • Chap 5 – e-Government Compliance
          - Comply with “ICT House of Values”
          - Comply with MISS (Security Standard)
          - Comply with MIOS (Interoperability Standard)
      * Public Service Regulations, 2001 (amended Mar 2009)
  15. ICT Governance Overview
  16. Governance defined
      • Governance is derived from the Greek verb κυβερνάω [kubernáo] which means to steer.
      • Corporate governance is the set of processes, customs, policies, laws, and institutions affecting the way a corporation (or company) is directed, administered or controlled. The principal stakeholders are the shareholders/members, management, and the board of directors.
      • ICT governance is the responsibility of executives and the board of directors, and consists of the leadership, organisational structures and processes that ensure that the enterprise’s ICT sustains and extends the organisation’s strategies and objectives.
      So, it’s a … Virtual Structure of Leaders (PEOPLE) responsible to “DIRECT”, “MONITOR” & “ENSURE” Performance and Conformance of Strategic Resources
  17. ICT Governance in Context
  18. King III on ICT Governance (ICTG)
      • 5.1 ICTG is Board responsibility
          - On the Board Agenda
          - IT charter & policies implemented.
          - Awareness & common ICT language.
          - ICT control framework implemented
          - Effectiveness of ICT controls.
      • 5.2 Align ICT and company objectives
          - ICT strategy integrated with company’s strategy/processes.
          - Improve performance through ICT.
      • 5.3 ICTG Framework
          - Structures, processes and mechanisms for the ICT governance.
          - ICT SteerCom to support ICTG
          - Appoint a CIO; as executive.
      • 5.4 Monitor ICT investments and expenditure
          - Value delivery of ICT and monitor ROI.
          - IP in information systems are protected.
          - ICTG for outsourced ICT services.
      • 5.5 ICT an integral part of risk management
          - Adequate business resilience for disaster recovery.
          - Complies with ICT laws and that ICT related rules, codes and standards.
  19. King III on ICT Governance
      • 5.6 Information assets are managed effectively
          - Systems in place for the management of information which should include information security, information management and information privacy.
          - All personal information is treated by the company as an important business asset and is identified.
          - Information Security Management System is developed and implemented.
          - Approve the information security strategy and delegate and empower management to implement the strategy.
      • 5.7 A risk committee and audit committee should assist the board in carrying out its ICT responsibilities
          - IT risks are adequately addressed.
          - Appropriate assurance that controls are in place and effective in addressing IT risks.
          - Consider IT as it relates to financial reporting and the going concern of the company.
          - Consider the use of technology to improve audit coverage and efficiency.
  20. COBIT – IT Governance Focus Areas
      • Strategic alignment
          - Link Business and IT plans (IT Value proposition)
          - Align IT operations with Business Operations
      • Value delivery
          - Ensure IT delivers to promised benefits/value
          - Optimising costs and Value of IT.
      • Resource management
          - Optimal investment
          - Manage IT resources (applications, information, infrastructure and people).
      • Risk management
          - Risk awareness and appetite by senior corporate officers.
          - Understanding of compliance requirements
          - Assign risk management responsibilities into the organisation.
      • Performance measurement
          - Tracks/Monitors strategy implementation - BSC (projects, resource, process and services)
  21. COBIT - Align Business with EA for IT
  22. COBIT Processes (34)
  23. ISO 38500 Principles
      • Principle 1: Responsibility
          - Individuals and groups within the organization understand and accept their responsibilities.
      • Principle 2: Strategy
          - The organization’s business strategy takes into account the current and future capabilities of IT.
      • Principle 3: Acquisition
          - IT acquisitions are made for valid reasons; clear and transparent decision making (balance between benefits, opportunities, costs, and risks).
      • Principle 4: Performance
          - IT is fit for purpose in supporting the organization, providing the services, levels of service and service quality required to meet current and future business requirements.
      • Principle 5: Conformance
          - IT complies with all mandatory legislation and regulations. Policies and practices are clearly defined, implemented and enforced.
      • Principle 6: Human Behaviour
          - IT policies, practices and decisions demonstrate respect for Human Behaviour
  24. ISO38500 ICT Governance Model
      Diagram labels: Business Processes DIRECT EVALUATE MONITOR ICT PROJECTS ICT OPERATIONS Proposals Plans Policies Performance Conformance ICT Governance
  25. Are Governance Models all aligned?
  26. GWEA / MIOS Governance Structure (draft)
      Diagram labels: Minister PSA SITA Exec Gov CIO GITOC AGB GITO ARB GWEA/MIOS National Provincial Public Entities SCARC ISS e-Gov Projects Procure KIM OSS Other GITOC Committees EACOM
      AGB = Architecture Governing Board (Central)
      ARB = Architecture Review Board/Committee (Departmental)
  27. GITO Council
  28. Departmental Engagement Model
      Diagram labels: CIO/GITO ICT Planning & Governance DEPARTMENT 1 2 3 4 … 5 6 7 Internal Service Agreements/Contracts Procurement & Development ICT Operation & Support SITA Business Agreement & Service Level Agreements (SITA ACT) EA Services Procurement & Development Services ICT Infrastructure Services INDUSTRY Transversal Contracts
  29. EA In Government
      “All models are wrong, but some are useful” George Box, Edward Deming
  30. MIOS / GWEA Product Evolution
      Diagram labels: 2001 - 2003 ODF GWEA v1.0 GWEA v1.2 MIOS XML MIOS v1&2 UK e-GIF UML TOGAF9 MIOS v4.1 GWEA 2007 - 2009 2004 - 2006 GITA v1.0 GITA v1.1 MIOS v3 MIOS v4 Zachman UML TOGAF8, Zachman
      MIOS = Minimum Interoperability Standards
      GWEA = Government Wide Enterprise Architecture
  31. EA Context
      * From Forsberg & Mooz and ISO 15288; Corporate Governance not shown
      Diagram labels: Architecture / Planning Design / Development Production / Operation GWEA / MIOS ISO 12207 (SDLC) ITIL / ISO 20000 COBIT / ISO 38500 Buy Business Architecture Technical Design Build IS/ICT Architecture Business Integration Component Verification IS/ICT Integration ICT Ops Buss Ops Business Design & Dev (e.g. OD, Srv Dev) ENTERPRISE ARCHITECTURE CAPABILITY SYSTEM ACQUISITION CAPABILITIES (Solution Architecture, Project Management, Procurement, Solution Development, Integration) ICT OPERATION CAPABILITIES PUBLIC SERVICE CAPABILITIES PUBLIC SERVICE DEVELOPMENT CAPABILITIES
  32. GWEA Framework composition
      TOGAF ADM Phase               | TOGAF-9                             | GWEA 1.2
      ------------------------------|-------------------------------------|------------------------------------
      Prelim: FW & Contract         | 5P+1A = 6                           | 3P = 3
      A: Vision, Scope & Principles | 6P+2A = 8                           | 3P+1A = 4
      B: Business Architecture      | 3P+(2x17)A = 39                     | 2P+(2x5)A = 12
      C1: Data Architecture         | 3P+(2x9)A = 21                      | 2P+(2x3)A = 8
      C2: Application Architecture  | 3P+(2x14)A = 31                     | 2P+(2x3)A = 8
      D: Technology Architecture    | 3P+(2x8)A = 19                      | 2P+(2x3)A = 8
      E: Opportunities/Solutions    | 5P                                  | 1P
      F: Migration Planning         | 10P                                 | 2P
      TOTAL DELIVERABLES            | 38P+99A = 137 (89 Non-Duplicated)   | 17P+29A = 46 (32 Non-Duplicated)
      • P = Project Deliverables (e.g. Charters, Contracts, Analysis Reports, Schedules)
      • A = Architecture Deliverables (e.g. Models, Diagrams, Matrices, Catalogues)
      • Non-Duplicated = As-Is or To-Be models of the same format
  33. GWEA Framework
      Purpose: The minimum standard by which to use an Enterprise Architecture approach to develop and construct National and Departmental ICT Plans and Blueprints
      Diagram labels: INTEROPERABILITY CONSISTENCY ALIGNMENT Technology Architecture Views (D) Application Architecture Views (C2) Business Architecture Views (B) Data Architecture Views (C1) Organisation Structure Model Application Reference & Standards Model Business Process Model Business Function/Service Model Business Performance Model Business Information Model Application Distribution Model Technology/Network Distribution Model Technology Platform Model Technology Reference & Standards Model Data Reference & Standards Model Data Security Model Data Gap Application Gap Technology Gap Data-Application Model Application Stakeholder Model Opportunities & Solution (E) and Implementation Plan (F) Views (Programmatic Views) Business Gap Preliminary (P) & Vision (A) Views EA Org Model EA FW EA Request EA Principles EA Vision EA SOW Comm Plan Business Roadmap Data Roadmap Application Roadmap Technology Roadmap Consolidated Roadmap & Transition Architecture Implementation and Migration Plan Implementation Governance Model
  34. EA Planning concept
      Diagram labels: Government Departments, Bodies & Clusters Departmental Plans/Blueprints IFMS, e-Gov, GIS, e-Natis, e-HR, NISIS, Who-Am-I, LURITS… NGN, Data Centres, Help Desk, Security, … Business Services Core Services Common Services Shared Non-Shared ICT Infrastructure Information Systems Core Common / Transversal Resource Management Services (“Backend”) Public Services (“Front-End”)
  35. Interoperability – [Re-]defined
      • Interoperable (Dictionary)
          - adj; able to operate in conjunction [Concise Oxford Dictionary, 9th Edition]
      • Interoperability (from the Web)
          - The ability to exchange and use information. [Princeton]
          - The ability of diverse systems and organizations to work together (interoperate). [Wikipedia]
          - The ability of systems, units, or forces to provide data, information, materiel, and services to and accept the same from other systems, units, or forces, and to use the data, information, materiel, and services so exchanged to enable them to operate effectively together. [US DoD, DoDD 5000.1]
          - The capability of systems to communicate with one another and to exchange and use information including content, format, and semantics [NIST]
      • Mathematician's definition
  36. Interoperability levels*
      * Tolk, Andreas. “Beyond Technical Interoperability – Introducing a Reference Model for Measures of Merit for Coalition Interoperability.”
      Diagram labels: Business Architecture & Standards MIOS V4.1 MIOS V5 Network Centric Thinking (Joint-up Government) Information-Centric Thinking Techno-Centric Thinking IS/ICT Architecture & Standards Physical Interoperability Protocol Interoperability Data/Object Interoperability Information Interoperability Knowledge/Awareness Aligned Procedures Aligned Operations Harmonised Strategy/Doctrine Political Objectives
      • Organisational Interoperability - organisational components are able to perform seamlessly together.
      • Technical Interoperability - technical issues of linking computer systems and services.
      • Semantic Interoperability - ensuring the precise meaning of exchanged information between different kinds of Information Systems.
  37. MIOS v4.1 Composition*
      * Minimum Interoperability Standards (MIOS) v4.1, DPSA, Aug 2007
      OPEN STANDARDS from IETF, ISO, W3C, OASIS, ITU-T, ANSI, IEEE, ECMA, ETSI
      Category: Component (Standards)
      • Connectivity
          - Web/Internet (HTTP)
          - E-Mail (SMTP, MIME, IMAP, S/MIME)
          - Directory & Naming (X.500 and DNS)
          - Network (FTP, TCP/IP, TLS)
          - Security (e.g. RC4, RSA, AES)
          - Web Services (SOAP, WSDL, UDDI)
          - Internet Conferencing (H.323, SIP)
          - Mobile Phones (WAP2, GPRS, SMS, MMS)
      • Data Interoperability
          - Meta-Data (XML, XSL)
          - Data Security (SAML)
          - PKI (X.509)
          - Modelling (UML, XMI)
          - Ontology (OWL)
          - Geospatial (GML)
      • Information Access & Content Standards
          - Web/Hypertext (HTML, XHTML, JavaScript)
          - Office Documents (UTF-8, ODF, CSV, PDF)
          - Still images and Video (JPEG, PNG, TIFF, MPEG)
          - File Compression (TAR, ZIP, GZIP)
          - Relational DB Access (SQL-93)
          - Meta-Data Content Management (Dublin Core)
          - Syndication (RSS)
  38. Challenges & Conclusion
      “Sometimes when I consider what tremendous consequences come from little things… I am tempted to think there are no little things.” - Bruce Barton
  39. Some challenges
      • Identity issues
      • Compliance Issues
      • Conflicting Policies
      • Cooperation
  40. The road ahead (“for ICT”)…
      • Promulgate GWEA Framework to standardise ICT Planning across government.
      • Enhance the Minimum Interoperability Standards (MIOS)
          - Add compliance guidelines for Suppliers and Acquirers.
          - Add Transversal Data Standards and Schemas (e.g. Health, Social, Safety, Finance, HR, SCM Data Schema)
      • Constitute National EA Governing Body.
      • Enhance Certification of ICT systems for compliance with MIOS.
      • Validate conformance of Departmental EA against GWEA.
      • Establish Training mechanisms for EA.
      • Establish EA Tool & Repository.
  41. Conclusion
      • Relevant Legislation to be enacted to make EA & integration work.
      • Strong ownership and responsibilities of Business Architecture.
      • Appropriate governance structures, performance and funding model.
      • A Common Reference Model to serve as reference for integration.
      • Complete Information System Inventory
      • A new set of Semantic Interoperability standards (e.g. XML Schema)
      • Compliance to Open Technical Standards (non-functional requirement) as part of all acquisition processes.
      • Require a cross government “Integration Bus”.
      • Stronger “Shared Service” infrastructure
      • Improved “System Integration” capabilities (skills, methods & tools).
      • A fully integrated government will remain a Vision – a journey that strives for higher levels of maturity in the Technical, Semantic and Organisational Interoperability areas.
  42. Thank You Dankie Siyabonga Ke a leboha Siyathokoza
      Willie Needham Chief Enterprise Architect Strategic Services State IT Agency (Pty) Ltd Pretoria, South Africa Tel: 012 482 2774 [email_address]
  43. Sometimes I think we try to …
      • Force feed a pill to a cat,
      • Eat an Elephant,
      • Boil the Ocean,
      • Align the Planets.
  44. An EA Capability/Function
      • EA Process
          - EA Development Process
          - EA Logic (Meta-Model of deliverables)
          - EA Methods (Techniques, Notation)
      • EA People
          - Governance structures
          - Roles & Responsibilities (RACI Charts)
          - Competencies
      • EA Information System (EA Tools)
          - Planning & Modelling Software
          - EA Data Repository
          - ICT Infrastructure
      • EA Deliverables (“Content”)
          - EA Reference Models / Blueprints / Plans
          - Interoperability Standards
      Diagram labels: Process People Technology Models, Plans & Standards